Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Mar 2015 09:40:03 +0100 (CET)
From:      Wojciech Puchar <wojtek@puchar.net>
To:        d@delphij.net
Cc:        "<freebsd-hackers@freebsd.org>" <freebsd-hackers@freebsd.org>, Pedro Arthur <bygrandao@gmail.com>
Subject:   Re: GELI support on /boot folder
Message-ID:  <alpine.BSF.2.20.1503270939100.719@laptop.wojtek.intra>
In-Reply-To: <55149D12.6070602@delphij.net>
References:  <CAKN1MR54TCWZa_wSLAe63fxVF6248yr_aKkg-T0WtxHzaiLkyw@mail.gmail.com> <55149D12.6070602@delphij.net>

next in thread | previous in thread | raw e-mail | index | archive | help
>> in bootloader as a GSoC project, thus the /boot folder could be
>> encrypted.
>
> What's the benefit of encrypting /boot?  If it's encrypted, will the

exactly none.

> (Use passphrase only is a bad idea because that would mean we
> essentially encrypt different data with the same key, if two encrypted
> providers both use the same passphrase.  This is probably not a big

i use passphrase for root filesystem, put keyfiles generated from 
/dev/urandom on it and use for other filesystems.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1503270939100.719>