[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LUKS-encrypted root and unencrypted /boot ?

From: Benjamin Slade
Subject: Re: LUKS-encrypted root and unencrypted /boot ?
Date: Fri, 03 Aug 2018 11:07:19 -0600
User-agent: mu4e 1.1.0; emacs 26.1

On 2018-08-02T02:24:31-0600, Chris Marusich <address@hidden> wrote:

 > > Doing a full LUKS-encryption on root, including /boot results in
 > > very slow unlocking at boot (about 30 secs even with --iter set to
 > > 1000). Is there any way to do an unencrypted /boot with an
 > > encrypted root?

 > At that stage, is it GRUB that is unlocking the encrypted volume?  If
 > so, I think this is normal.

 > For what it's worth, GRUB is slow in unlocking my encrypted volumes,
 > too.  It takes about 30 seconds for me, too.  If you're concerned,
 > you can try using cryptsetup's --iter-time option to lower the number
 > of iterations, but keep in mind that will also make it easier to
 > crack your passphrase.

Originally I had --iter set to '5000' and it took about 4 minutes to
unlock!  I've shifted to using an unencrypted root and an encrypted
/home as a compromise that boots faster (and only requests the password once).

Benjamin Slade -
  `(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
    '(sent by mu4e on Emacs running under GNU/Linux . )
       `(Choose Linux ,(Choose Freedom) . )

reply via email to

[Prev in Thread] Current Thread [Next in Thread]