Re: GRUB & crypto? (& generally, more info on undocumented modules?)

From: Jordan Uggla
Subject: Re: GRUB & crypto? (& generally, more info on undocumented modules?)
Date: Thu, 18 Dec 2014 16:52:46 -0800

On Thu, Dec 18, 2014 at 12:48 PM, Diagon <address@hidden> wrote:
> Reading through the manual, I'm finding mysterious mention of the use of
> crypto with grub. eg. section 11.1, "How to specify devices" mentions
> (crypto0) or (cryptouuid/xxxxxxxxxxx) specifications.
> I'm also seeing modules in my /boot/grub (Ubuntu) that are undocumented in
> the manual, but include "crypto.mod" and a "gcry_xxxx.mod" that indicate
> many crypto operations.
> I am used to having to unlock crypto disks through user-space operations
> that take place through programs that are embedded in an initramfs, so I'm
> curious about what all these modules do or what use specifying crypto
> devices might be.  Can someone direct me to documentation?

"info grub" will give you the manual for the version of grub you have
installed, which is likely more recent than grub 2.00 and contains
some info about LUKS and GELI support.

Grub can read files from LUKS and GELI volumes, but only FreeBSD's
kernel currently has a protocol for passing credentials from grub to
the kernel, so if you're using GNU/Linux and you use grub's LUKS
support to read your kernel from your LUKS encrypted root, you will
need to enter your password twice at boot: Once for grub, and again
for linux.

It rarely makes sense to encrypt /boot/ though, as there shouldn't be
anything sensitive in /boot/ (the kernel sources that your kernel was
built from are already public).

> More generally, there are a bunch of other modules in my /boot/grub that are
> undocumented.  I'd like to know more about what they do.

There isn't currently a list of what every grub module does. If you
volunteer to improve the documentation I'd be happy to help you get
all of the information to do so, but unless it's going to lead to
better documentation I don't have the motivation to do so (maybe
someone else will) and I'm not currently motivated enough to write
that documentation myself. (Not to mention that there are other areas
I'd rather be documenting first if I were to jump into documentation

If you are willing to help update the documentation that would be very
appreciated. While it's improved recently, grub's documentation could
still use a lot of help.

> Thanks!
> /D