В Mon, 29 Jun 2015 16:01:08 -0600 Chris Murphy <lists@colorremedies.com> пишет:
This describes how to have encrypted /boot with single passphrase unlock (rather than twice, once for GRUB and once for Linux). It uses a key file which is on the encrypted volume. http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
It is Arch specific, dracut does have cryptdevice option.
The problem at the moment on openSUSE is it seems you can't have non-LVM LUKS volumes (just standard partitions). That poses a problem for encrypted Btrfs, so I wonder how that's supposed to work?
The GRUB crypto work seems solid, even grub-mkconfig appears to recognize it's on a LUKS volume, and sets up the grub.cfg correctly. It makes the unencrypted, separate /boot seem antiquated. And also in a Btrfs context where we want /boot snapshot along with /lib/modules so they're in parity, is kinda important.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org