[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LUKS-encrypted root and unencrypted /boot ?
|
From: |
Benjamin Slade |
|
Subject: |
Re: LUKS-encrypted root and unencrypted /boot ? |
|
Date: |
Fri, 03 Aug 2018 11:07:19 -0600 |
|
User-agent: |
mu4e 1.1.0; emacs 26.1 |
On 2018-08-02T02:24:31-0600, Chris Marusich <address@hidden> wrote:
> > Doing a full LUKS-encryption on root, including /boot results in
> > very slow unlocking at boot (about 30 secs even with --iter set to
> > 1000). Is there any way to do an unencrypted /boot with an
> > encrypted root?
> At that stage, is it GRUB that is unlocking the encrypted volume? If
> so, I think this is normal.
> For what it's worth, GRUB is slow in unlocking my encrypted volumes,
> too. It takes about 30 seconds for me, too. If you're concerned,
> you can try using cryptsetup's --iter-time option to lower the number
> of iterations, but keep in mind that will also make it easier to
> crack your passphrase.
Originally I had --iter set to '5000' and it took about 4 minutes to
unlock! I've shifted to using an unencrypted root and an encrypted
/home as a compromise that boots faster (and only requests the password once).
--
Benjamin Slade - https://babbagefiles.xyz
`(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
'(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
`(Choose Linux ,(Choose Freedom) . https://linux.com )
Re: LUKS-encrypted root and unencrypted /boot ?, Chris Marusich, 2018/08/02
- Re: LUKS-encrypted root and unencrypted /boot ?,
Benjamin Slade <=