Full disk encryption without root partition
rwmaillists at googlemail.com
Sat Dec 29 23:26:05 UTC 2012
On Sat, 29 Dec 2012 22:43:29 +0100
Martin Laabs wrote:
> >> Are there any plans or is there already support for full
> >> disk encryption without the need for a boot partition?
> Well - what would be your benefit? OK - you might not create another
> partition but I think this is not the problem.
> From the point of security you would not get any improvement because
> some type of software has to be unencrypted. And this software could be
> manipulated to do things like e.g. send the encryption key to
> <attacker>. So from this point of view there is no difference whether
> the kernel is unencrypted or any other type of software (that runs
> before the kernel) is unencrypted.
And the advantage of putting the boot partition on a memory stick is
that it's much easier to keep such a device physically secure.
Bootstrapping code on the main hard drive is easier to attack. IIRC
someone demonstrated such an attack against one of the commercial