GRUB-based full disk encryption tip!
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
This link is very helpful if you need help setting up a key file inside your initramfs so you don't have to put in your password twice.
Would you contribute to https://trisquel.info/en/wiki/full-disk-encryption-install (or a separate manual)?
No problem! I found this after reading the Libreboot manual on installing Trisquel GNU/Linux with full disk encryption (including /boot). I'm not sure how much my writing would be considered original or derivative. I'll see about requesting permission to license from the author that I found the tip from.
So it doesn't seem that I can find the original author's contact information. However, a quick web search led me to this page. It may be worth investigating the following claim from the link:
"As I understand it, when the kernel pivots to the actual root filesystem and thus no longer needs the initramfs that's loaded into RAM, it simply frees that memory without first zeroing it. That means that a process, running as any user, can just malloc ram and reads its uninitialized contents in a loop until it comes upon something that looks like your LUKS keyfile. Eventually, even if it takes multiple boots, it will succeed. This is why it's so important that an official protocol be developed between the kernel and bootloader, because then the kernel knows to treat any memory containing credentials carefully and ensure that it doesn't leak out to somewhere it shouldn't."
- Vous devez vous identifier ou créer un compte pour écrire des commentaires