[systemd-devel] Best practices for full disk encryption with dm-crypt/LUKS
Lennart Poettering
lennart at poettering.net
Tue Feb 20 16:13:28 UTC 2018
On Di, 20.02.18 07:17, Paul Menzel (pmenzel+systemd-devel at molgen.mpg.de) wrote:
> > If your kernel or initrd are located on encrypted filesystem you need
> > bootloader that can read them.
>
> And can systemd-boot read it?
sd-boot is ultimately just a dumb menu program. It just enumerates
kernels and runs them. The file system support is the firmware's own
FAT driver or whatever else it supports. It doesn't do anything hard
really, it comes with no device or file system drivers of its own.
Hence: if your firmware doesn't support encrypted file systems then
sd-boot won't support it either. And most likely your firmware does
not support that.
Lennart
--
Lennart Poettering, Red Hat
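
The following check is an added example, not part of the message above and not systemd code. It walks `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports whether the directory holding kernels and initrds sits on a plain file system the firmware can read. The sample data, the function names and the FAT-only firmware driver set are assumptions.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output
# (not taken from a real machine): plain FAT ESP, root file system on LUKS.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/efi"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "root", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}
    ]}
  ]}
]}
"""

# Assumption: the firmware ships only a FAT driver (the common case).
FIRMWARE_FSTYPES = {"vfat"}


def find_chain(devices, mountpoint, chain=()):
    """Return the device stack (outermost first) ending at the mounted node."""
    for dev in devices:
        here = chain + (dev,)
        if dev.get("mountpoint") == mountpoint:
            return here
        found = find_chain(dev.get("children", []), mountpoint, here)
        if found:
            return found
    return None


def firmware_can_read(lsblk_json, mountpoint):
    """Could a loader that relies only on firmware drivers read this mount?"""
    chain = find_chain(json.loads(lsblk_json)["blockdevices"], mountpoint)
    if chain is None:
        return False, f"{mountpoint} is not a mount point"
    # Any encrypted layer in the stack hides the data from the firmware.
    for dev in chain:
        if dev["type"] == "crypt" or dev.get("fstype") == "crypto_LUKS":
            return False, f"{dev['name']} is an encrypted layer"
    fstype = chain[-1].get("fstype")
    if fstype not in FIRMWARE_FSTYPES:
        return False, f"{fstype} has no firmware driver"
    return True, f"{chain[-1]['name']} is plain {fstype}"


if __name__ == "__main__":
    for mp in ("/efi", "/"):
        print(mp, firmware_can_read(SAMPLE_LSBLK, mp))
```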