grub-devel

Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing


From: Patrick Steinhardt
Subject: Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing Results
Date: Sun, 30 Aug 2020 20:19:08 +0200

On Sun, Aug 30, 2020 at 03:30:39PM +0000, HardenedArray via Grub-devel wrote:
> As a direct consequence of your valuable `--modules=` input, I have
> taken the time and attempted to carefully document my entire LUKS2
> unlocking encrypted /boot process for the benefit of others, similarly
> situated.

Great to have some documentation of the process, thanks!

> My procedure and comments are posted at:
> https://aur.archlinux.org/packages/grub-git/ under an intentionally
> Five Eyes 'unlinked' nick.  I know you understand.
> 
> Please take a moment to review my boot sequence comments within Step
> 11 and following Step 13, both of which are in concordance with my
> understanding of the GRUB encrypted /boot unlocking sequence.
> 
> If either statement needs modification, please let me know, as I do
> not want others to adopt an incorrect understanding of how both GRUB
> and the kernel go about unlocking Keyslot 1, then Keyslot 0.

I did a quick read and things look mostly fine. Partitions may obviously
change between installation, but I guess people can figure that out on
their own.

> Patrick, I've also noted Eli's further input, immediately below.
> 
> Given that you now know exactly how I've encrypted / and how I unlock
> my encrypted:  /boot, swap and /, if you can indeed 'hack' a suitable
> `grub-mkimage` command for me to test, I would be happy to test it.

I currently don't have any available, sorry. I never did the custom
config thing yet, even though it shouldn't be too hard. I hope to find
some time in the next few days to give it a test and will report back.

> However, please be sure to tell me whether you intend any such
> `grub-mkimage` directive to be a REPLACEMENT for `grub-mkconfig` or as
> a supplemental command.

It's not a replacement of `grub-mkconfig`, but is part of what
`grub-install` does. `grub-mkimage` will create the executable loaded by
your bootloader, which includes any pre-loaded modules as well as the
early boot config. `grub-mkconfig` will create the configuration that's
used after this early boot step and is loaded when you execute `normal`.

Patrick

Attachment: signature.asc
Description: PGP signature
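The split described in the last paragraph of the message, as an added example that is not from the thread or from the GRUB project: `early_config` produces the early boot config that `grub-mkimage -c` embeds in the image, and it ends by running `normal`, which is the point where the `grub.cfg` written by `grub-mkconfig` is loaded. The device `(hd0,gpt2)`, the `/grub` directory, the module list and the `x86_64-efi` target are assumptions to adapt to the actual disk layout, cipher, hash and filesystem.

```shell
#!/bin/sh
# Added example; every concrete value below is constructed, not from the thread.
BOOT_DEV='(hd0,gpt2)'   # assumption: partition holding the LUKS2 /boot container
GRUB_DIR='/grub'        # assumption: GRUB directory inside the unlocked volume
# Assumption: modules for GPT, LUKS2 with PBKDF2, AES, SHA-256 and ext4.
MODULES='part_gpt cryptodisk luks2 pbkdf2 gcry_rijndael gcry_sha256 ext2 normal'

# Print the early boot config: unlock the container, point root and prefix
# at the unlocked device, then hand over to `normal`.
early_config() {
    cat <<EOF
cryptomount $1
set root=(crypto0)
set prefix=(crypto0)$2
insmod normal
normal
EOF
}

# Build the image the firmware loads: the pre-loaded modules plus the
# embedded early config (-c). grub.cfg is not part of this image.
build_image() {
    out=$1
    cfg=$(mktemp) || return 1
    early_config "$BOOT_DEV" "$GRUB_DIR" > "$cfg"
    # $MODULES is left unquoted on purpose so each module is one argument.
    grub-mkimage -O x86_64-efi -o "$out" -c "$cfg" \
        -p "(crypto0)$GRUB_DIR" $MODULES
    rc=$?
    rm -f "$cfg"
    return $rc
}

# Run as: sh script.sh build grubx64.efi
if [ "${1:-}" = "build" ]; then
    build_image "${2:-grubx64.efi}"
fi
```

Only `build_image` needs `grub-mkimage` installed; `early_config` can be run alone to inspect what would be embedded.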

