grub-devel

Re: truecrypt support in grub ?


From: Vladimir 'phcoder' Serbinenko
Subject: Re: truecrypt support in grub ?
Date: Mon, 4 May 2009 15:42:35 +0200



On Mon, May 4, 2009 at 2:27 PM, Chip Panarchy <address@hidden> wrote:
> So I've got to use LUKS & FreeOTFE?

FreeOTFE has a function which allows reading sectors from a device without authentication. This way the whole application security is blown away (not like there were a big deal of it, it's Windows). I informed Sarah Dean that because of this function FreeOTFE is an application which destroys the security instead of enhancing it. However it looks like she doesn't understand the gravity of the problem and assumes only a threat of laptop theft and not much more common threats like viruses or trojans (it is Windows, he-he).

> Seems a little hard... seeing as the different file-systems I need to
> encrypt, including;
>
> Ext3, HFS+, Ext4, NTFS, UFS2 & ZFS

You can encrypt any FS with any full-disk-encryption. The encryption doesn't care what you put on it.

> Any other drive encryption tools you'd like to suggest, or should I
> stick to TrueCrypt (will start using it once all my OSs are working
> together)

What you say is quite out of sync with reality. I don't know any program able to boot two different OSes encrypted with it. (I don't speak about reading volumes, I speak about booting). Additionally such a setup is less secure than encrypting every OS separately since if one OS is compromised it's somewhat contained (not entirely true actually). AFAIK till date no one was able to boot Darwin or OSX from encrypted volume.

But encrypting every OS on a hard drive is really an overkill. Remember that encryption only addresses a small set of threats, all of them involving physical access to your hardware. It's not like some marketing employees who make the people believe that pronouncing the word AES three times a day makes your computer secure. I doubt that you use more than one or at most two OSes for regular data work. I suppose the rest is just your experimental OSes. Encrypting experimental OS is just more headache and waste of resources. The setup I recommend is:
GPT-partitioned disk:
-BIOS or EFI boot partition holding embedded part of grub or grub.efi
 BIOS partition is typically 1 MiB in size. EFI partition is typically 100 MiB in size (but 10 MiB should be enough)
-GRUB /boot partition holding grub modules and linux kernels and initrds. Optionally also holding information related to booting of other OSes
-Linux root, swap and home on lvm on luks
-Optionally a FAT partition used to transfer data between OSes
-Experimental OSes

And please next time inform yourself before suggesting any feature requests. Best feature request is the one containing a patch with it. Second best is the one containing detailed info with it.

Anyway this discussion goes away from grub so please don't continue it here.

--
Regards
Vladimir 'phcoder' Serbinenko
