Date: Fri, 27 Mar 2015 09:40:03 +0100 (CET) From: Wojciech Puchar <wojtek@puchar.net> To: d@delphij.net Cc: "<freebsd-hackers@freebsd.org>" <freebsd-hackers@freebsd.org>, Pedro Arthur <bygrandao@gmail.com> Subject: Re: GELI support on /boot folder Message-ID: <alpine.BSF.2.20.1503270939100.719@laptop.wojtek.intra> In-Reply-To: <55149D12.6070602@delphij.net> References: <CAKN1MR54TCWZa_wSLAe63fxVF6248yr_aKkg-T0WtxHzaiLkyw@mail.gmail.com> <55149D12.6070602@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>> in bootloader as a GSoC project, thus the /boot folder could be >> encrypted. > > What's the benefit of encrypting /boot? If it's encrypted, will the exactly none. > (Use passphrase only is a bad idea because that would mean we > essentially encrypt different data with the same key, if two encrypted > providers both use the same passphrase. This is probably not a big i use passphrase for root filesystem, put keyfiles generated from /dev/urandom on it and use for other filesystems.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1503270939100.719>