[clue] revisiting boot partition and LVM + grub
Kevin Fenzi
kevin at scrye.com
Mon Mar 12 18:25:40 MDT 2012
On Mon, 12 Mar 2012 18:20:41 -0600
"David L. Anselmi" <anselmi at anselmi.us> wrote:
> Kevin Fenzi wrote:
> > There's still one reason for a separate /boot these days:
> >
> > encrypted / partition. You need boot to be available and unencrypted
> > so you can load an initrd to unlock your encrypted root
> > partition. ;)
>
> Is there a reason why you'd want the stock files under /
> (/etc, /usr, /var, /bin, /lib, etc) to be encrypted? Other than the
> simplicity of using one partition for those and the stuff you care
> about?
Several reasons:
- You may not realize what places things are written... tmp files could
well be written to the unencrypted partition.
- If your OS is unencrypted an attacker with physical access could boot
your machine and tamper with it and later gain access to your
encrypted data.
- Your OS or other unencrypted partitions could well provide
information even if they don't provide full data.
It's just easier to encrypt the entire thing IMHO.
kevin