Hi Nik, Dr. Nikolaus Klepp writes:
> [...] The initrams tool provide a handy way to inspect/modify/rebuild > initrd. But the debian documentation on how initrd works is wrong: it > assumes a one part archive (which is what you would expect), but in > fact it is a 2 part archive (first part uncomressed, second > compressed). Take a look at /usr/bin/unmkinitramfs line 50 ff to see > how it works. Also look at the referenced linux/lib/earlycpio.c for > further detail. The most important point is this: processes started > in initrd survive switch_root. There goes your "full disk encryption" > myth. Not sure I understand what's going on but if you have an unencrypted /boot, you, by definition, don't have full disk encryption. I'm using libreboot as my BIOS and have *all* of /dev/md0 encrypted. My BIOS asks me for a password to decrypt whatever is in /boot. Are you implying that even in my scenario the "full disk encryption" myth goes out of my window? Hope this helps, -- Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Software https://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
