[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Password and key
From: |
Andrei Borzenkov |
Subject: |
Re: Password and key |
Date: |
Wed, 27 Aug 2014 19:22:23 +0400 |
В Wed, 27 Aug 2014 13:29:17 +0200
"Garreau\, Alexandre" <address@hidden> пишет:
> Hello, I’m trying to set up a secure —the most I can— X60t with
> libreboot on it and GRUB as a payload. GNUtoo recommended me to set a
> password to GRUB to stop potential attacker to execute any code on the
> machine that could reflash the SPI chip, and then to encrypt the
> *entire* disk and decrypt it with GRUB only.
>
> I can see his GRUB configuration on Parabola wiki, here:
> <https://wiki.parabolagnulinux.org/User:GNUtoo/laptop#Coreboot_Setup>. But
> I don’t understand what are “cryptdevice” or “cryptkey” args…
>
They are unrelated to grub and interpreted by initrd of your
distribution.
> Also, he found a way to integrate the decryption key in the initramfs of
> Parabola so that he only has to enter it within GRUB, and not again
> while boot. I’d have two questions:
>
> a) since I don’t know yet how to put the key in the Debian initramfs, is
> there a way to pass it as an argument to Linux instead? so that it’s
> more portable and I only have to set up correctly GRUB and not have to
> remember modifying the distro I install?
>
Again - you have to ask your distribution. OTOH having key in plain
text (or even reversible encryption) laying on your disk somehow
defeats its purpose ...
> b) is there a way to set up the GRUB password and decryption key the
> same so that the GRUB password can be used by cryptomount so that I only
> enter one password once?
>
Unfortunately, no - user authentication and cryptomount are not passing
any information. Could be idea for next release.
> Thanks for any help ^^
signature.asc
Description: PGP signature
- Password and key, Garreau\, Alexandre, 2014/08/27
- Re: Password and key,
Andrei Borzenkov <=