|
From: | phcoder |
Subject: | Re: truecrypt support in grub ? |
Date: | Thu, 16 Apr 2009 18:27:33 +0200 |
User-agent: | Thunderbird 2.0.0.21 (X11/20090409) |
J. Bakshi wrote:
It's already able to load kernels from encrypted partition. For the moment it's too big to fit to mbr gap but in perspective it could be squeezed enough. Then you don't need unencrypted partitions at all. For now if you want to do this you need to leave some space before the first partition. Be aware that even if such configuration is nice it doesn't increase security in any way. The easiest attack is to replace grub with a recompiled grub which additionally writes password somewhere on the diskOn Wed, 15 Apr 2009 18:25:27 +0200 phcoder <address@hidden> wrote:Michael Gorven has already implemented LUKS support for grub2.^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ really nice to know. But does it still required /boot partition as un-encrypted ?
Why don't you help us with that? Install truecrypt, dump mbr and mbr gap. Disassemble mbr and send an explanation of what it does in plain english hereUsing truecrypt with linux partitions is a bad idea - this encryption isn't native to it in any way and also truecrypt is under GPL-incompatible licence which means it's unlikely to be incorporated to grub (youneed to figure out the on-disk layout of truecrypt and then reimplement it from scratch (but you can reuse ciphers from luks implementation)). If all you want is boot windows installed on truecrypt partition then the best way is to chainload truecrypt booter. I haven't yet looked in it myself but it seems that truecrypt booter uses mbr gap too which conflicts with grub. However it can be workarounded by dumping contents of mbr gap created by truecrypt and replicating the action of tc-mbr (can't be difficult)eagerly waiting to see that grub2 support that
ThanksJ. Bakshi wrote:Hello list, GRUB2 is a robust boot loader. Is it possible to have truecrypt encryption support dirctly in GRUB2 ? Then we can have truecrypt encrypted partition with linux installed and GRUB2 just decrypt itand load the kernel.Thanks _______________________________________________ Grub-devel mailing list address@hidden http://lists.gnu.org/mailman/listinfo/grub-devel_______________________________________________ Grub-devel mailing list address@hidden http://lists.gnu.org/mailman/listinfo/grub-devel
-- Regards Vladimir 'phcoder' Serbinenko
[Prev in Thread] | Current Thread | [Next in Thread] |