Re: GRUB & crypto? (& generally, more info on undocumented modules?)

[Andrei Borzenkov]

В Thu, 18 Dec 2014 23:28:08 -0800
Diagon <address@hidden> пишет:

> ---- On Thu, 18 Dec 2014 22:15:32 -0800 Andrei Borzenkov<address@hidden> 
> wrote ---- 
>  > В Thu, 18 Dec 2014 16:52:46 -0800 
>  > Jordan Uggla <address@hidden> пишет: 
>   
>  > > Grub can read files from LUKS and GELI volumes, but only FreeBSD's 
>  > > kernel currently has a protocol for passing credentials from grub to 
>  > > the kernel, so if you're using GNU/Linux and you use grub's LUKS 
>  > > support to read your kernel from your LUKS encrypted root, you will 
>  > > need to enter your password twice at boot: Once for grub, and again 
>  > > for linux. 
>  
>  > There are patches to support use of keyfile; this could improve 
>  > situation for by allowing shared keyfile between GRUB and Linux and 
>  > unattended decryption.
> 
> That's interesting.  Could you point me to the patches?
> 

http://grub.johnlane.ie/

> Andrei - Jordan doesn't see a use case for this, though in my point of view I 
> just want to get as much into my encrypted disk as possible, leaving as 
> little visible as I can.  Do you have a view on this?

I would not do it myself, but I see it as valid use case.