From mboxrd@z Thu Jan 1 00:00:00 1970 From: Benjamin Slade Subject: Re: LUKS-encrypted root and unencrypted /boot ? Date: Fri, 03 Aug 2018 11:05:05 -0600 Message-ID: <87a7q3fkji.fsf@jnanam.net> References: <87in4tgbg4.fsf@jnanam.net> <87effh8d94.fsf@lassieur.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fldVo-0004gO-U7 for help-guix@gnu.org; Fri, 03 Aug 2018 13:05:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fldVl-0004hY-06 for help-guix@gnu.org; Fri, 03 Aug 2018 13:05:12 -0400 Received: from mail-io0-x243.google.com ([2607:f8b0:4001:c06::243]:40012) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fldVk-0004gw-Pq for help-guix@gnu.org; Fri, 03 Aug 2018 13:05:08 -0400 Received: by mail-io0-x243.google.com with SMTP id l14-v6so5552810iob.7 for ; Fri, 03 Aug 2018 10:05:08 -0700 (PDT) In-reply-to: <87effh8d94.fsf@lassieur.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: =?utf-8?Q?Cl=C3=A9ment?= Lassieur Cc: help-guix@gnu.org > Do you use Libreboot? Yes, I'm using Libreboot. Does this make a great difference over the manufacturer firmware in this case? > I'm unsure [using an unencrypted /boot] would help, because GRUB > would still have to unencrypt / to access the kernel (the kernel is > in /gnu/store). Ah, I see. Is this an immutable design decision? It would seem good to be able to keep the kernel in a separate space in order to avoid the issue of extremely long unlocking times when booting. -- Benjamin Slade - https://babbagefiles.xyz `(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19)) '(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org ) `(Choose Linux ,(Choose Freedom) . https://linux.com )