Hi!

Michael Kesper wrote:
>> Of course. The idea is that you can encrypt everything but the kernel
>> +initrd, which is needed in order to decrypt the partition (better said,
>> to set up the dm-crypt mapping).
>> And a USB stick could be always with you.
>
> What is the additional gain to having an unencrypted /boot partition on
> the same device?

"They" will have difficulties installing a keylogger if the unencrypted /boot is always in your pocket and the HDD contains just encrypted gibberish. I wonder when Linux will be able to utilize a TPM to integrity-protect /boot.

cu, Sven