On May 25, 2017 1:04:07 PM GMT+02:00, Kai Krakow <hurikha...@gmail.com> wrote: >Am Thu, 25 May 2017 08:34:10 +0200 >schrieb "J. Roeleveld" <jo...@antarean.org>: > >> It is possible. I have it set up like that on my laptop. >> Apart from a small /boot partition. The whole drive is encrypted. >> Decryption keys are stored encrypted in the initramfs, which is >> embedded in the kernel. > >And the kernel is on /boot which is unencrypted, so are your encryption >keys. This is not much better, I guess...
A file full of random characters is encrypted using GPG. Unencrypted, this is passed to cryptsetup. The passphrase to decrypt the key needs to be entered upon boot. How can this be improved? -- Joost -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
