[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Password and key
|
From: |
Garreau\, Alexandre |
|
Subject: |
Password and key |
|
Date: |
Wed, 27 Aug 2014 13:29:17 +0200 |
|
User-agent: |
Gnus (5.13), GNU Emacs 24.3.50.1 (x86_64-pc-linux-gnu) |
Hello, I’m trying to set up a secure —the most I can— X60t with
libreboot on it and GRUB as a payload. GNUtoo recommended me to set a
password to GRUB to stop potential attacker to execute any code on the
machine that could reflash the SPI chip, and then to encrypt the
*entire* disk and decrypt it with GRUB only.
I can see his GRUB configuration on Parabola wiki, here:
<https://wiki.parabolagnulinux.org/User:GNUtoo/laptop#Coreboot_Setup>. But
I don’t understand what are “cryptdevice” or “cryptkey” args…
Also, he found a way to integrate the decryption key in the initramfs of
Parabola so that he only has to enter it within GRUB, and not again
while boot. I’d have two questions:
a) since I don’t know yet how to put the key in the Debian initramfs, is
there a way to pass it as an argument to Linux instead? so that it’s
more portable and I only have to set up correctly GRUB and not have to
remember modifying the distro I install?
b) is there a way to set up the GRUB password and decryption key the
same so that the GRUB password can be used by cryptomount so that I only
enter one password once?
Thanks for any help ^^
signature.asc
Description: PGP signature
- Password and key,
Garreau\, Alexandre <=