From: Clément Lassieur
Subject: Re: LUKS-encrypted root and unencrypted /boot ?
Date: Sat, 04 Aug 2018 17:48:16 +0200
Message-ID: <87va8qi14v.fsf@lassieur.org>
To: Benjamin Slade
Cc: help-guix@gnu.org

Benjamin Slade writes:

> Thanks, Clément.

You're welcome!

> > > > Do you use Libreboot?
> > >
> > > Yes, I'm using Libreboot. Does this make a great difference over the
> > > manufacturer firmware in this case?
>
> > It might, because the GRUB used is the one shipped with Libreboot.
> > So it has nothing to do with Guix. I think talking to the libreboot
> > people would help you more. (Disclaimer: I have the same issue, I
> > find that pressing 'c' and typing 'cryptomount ahci0,gpt3' makes the
> > process faster.)
>
> Thanks, I'll look into that. For the moment I've just switched to having
> an unencrypted root and encrypted /home partition (where the swapfile
> also lives),
> ...which seems to me better from a security standpoint (I can
> use --iter 500, sha512, &c. without an issue).

But it's easier to put malware in an unencrypted root ;)