
Re: truecrypt support in grub ?


From: phcoder
Subject: Re: truecrypt support in grub ?
Date: Thu, 16 Apr 2009 18:27:33 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

J. Bakshi wrote:
On Wed, 15 Apr 2009 18:25:27 +0200
phcoder <address@hidden> wrote:

Michael Gorven has already implemented LUKS support for grub2.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

really nice to know. But does it still require /boot partition as un-encrypted?

It's already able to load kernels from an encrypted partition. For the moment it's too big to fit in the MBR gap but in perspective it could be squeezed enough. Then you don't need unencrypted partitions at all. For now if you want to do this you need to leave some space before the first partition. Be aware that even if such a configuration is nice, it doesn't increase security in any way. The easiest attack is to replace grub with a recompiled grub which additionally writes the password somewhere on the disk.

Using truecrypt with linux partitions is a bad idea - this encryption isn't native to it in any way and also truecrypt is under a GPL-incompatible licence, which means it's unlikely to be incorporated into grub (you need to figure out the on-disk layout of truecrypt and then reimplement it from scratch (but you can reuse ciphers from the luks implementation)). If all you want is to boot Windows installed on a truecrypt partition then the best way is to chainload the truecrypt booter. I haven't yet looked into it myself but it seems that the truecrypt booter uses the MBR gap too, which conflicts with grub. However it can be worked around by dumping the contents of the MBR gap created by truecrypt and replicating the action of tc-mbr (can't be difficult).

eagerly waiting to see that grub2 support that
Why don't you help us with that? Install truecrypt, dump the MBR and MBR gap. Disassemble the MBR and send an explanation of what it does in plain English here.
Thanks

J. Bakshi wrote:
Hello list,

GRUB2 is a robust boot loader. Is it possible to have truecrypt
encryption support directly in GRUB2 ? Then we can have truecrypt
encrypted partition with linux installed and GRUB2 just decrypt it
and load the kernel.
Thanks


_______________________________________________
Grub-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/grub-devel





--

Regards
Vladimir 'phcoder' Serbinenko
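
An added example (not from the original thread or from GRUB): a Python sketch that locates the MBR gap discussed in the message above, that is, the sectors between the MBR and the first partition, and hashes the boot code and the gap so two dumps can be compared for the boot-loader replacement the message warns about. The function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def first_partition_lba(mbr: bytes) -> int:
    """Lowest start LBA among the non-empty primary partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    starts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        lba_start = struct.unpack_from("<I", mbr, off + 8)[0]
        if ptype != 0 and lba_start > 0:
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)

def boot_area_baseline(image: bytes) -> dict:
    """Hash the MBR boot code and the gap before the first partition."""
    first = first_partition_lba(image[:SECTOR])
    gap = image[SECTOR:first * SECTOR]
    if len(gap) != (first - 1) * SECTOR:
        raise ValueError("dump is shorter than the MBR gap")
    return {
        "first_partition_lba": first,
        "gap_sectors": first - 1,
        "boot_code_sha256": hashlib.sha256(image[:446]).hexdigest(),
        "gap_sha256": hashlib.sha256(gap).hexdigest(),
    }

def changed_regions(baseline: dict, current: dict) -> list:
    """Names of the hashed regions that differ between two dumps."""
    keys = ("boot_code_sha256", "gap_sha256")
    return [k for k in keys if baseline[k] != current[k]]

def build_sample_image(first_lba: int = 63) -> bytes:
    """Constructed sample: placeholder boot bytes, one partition at first_lba."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xeb\x63\x90"  # placeholder bytes, not a real boot loader
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x83, b"", first_lba, 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((first_lba - 1) * SECTOR)

if __name__ == "__main__":
    print(boot_area_baseline(build_sample_image()))
```

The comparison is only meaningful when the dump is taken from trusted boot media; a check run from the possibly modified system itself proves nothing.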



