[systemd-devel] Best practices for full disk encryption with dm-crypt/LUKS

Andrei Borzenkov arvidjaar at gmail.com
Tue Feb 20 04:41:00 UTC 2018


20.02.2018 01:16, Paul Menzel wrote:
> Dear systemd folks,
> 
> 
> Having a system with UEFI, what is the state of the art to use full disk
> encryption? I read the article in the Arch Linux wiki [1], and it is still
> using GRUB. There is a blog post from 2016 using systemd-boot [2].
> 

If your kernel or initrd are located on an encrypted filesystem you need
a bootloader that can read them.

> If there was a way without LVM, I’d prefer that.
> 

It has always been possible, the question is to which extent individual
distributions made it easy to set up. openSUSE Tumbleweed/Leap 15
installer finally offers native encryption of a plain partition without LVM.

> Are there new programs or features in the systemd ecosystem making the
> setup easy?
> 

I'd say it is more an initramfs implementation question - initramfs is
responsible for actually mounting your root.

> 
> Kind regards,
> 
> Paul
> 
> 
> [1]
> https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
> [2]
> https://blog.urbanslug.com/posts/2016-09-11-dm-crypt-systemd-boot-and-efi-on-archlinux.html
> 


