Re: Protection of boot sector and embedded area

[James Courtier-Dutton]

2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
> James Courtier-Dutton wrote:
>> 2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
>>
>>> It's generally a bad idea to chase grub out of MBR+embed area. It often
>>> results in unreliable configurations. Could you detail your usecase so
>>> we can seek for a bettere solution?
>>>
>>
>> The other thing sitting in the embedded area is a whole disc encryption 
>> product.
>> It takes up about 60 sectors of the 64 sectors of the embedded area.
>>
> I guess you speak about truecrypt. In this case the solution I would
> recommend is to make grub load truecrypt's embedding area from a file on
> the disk (it probably can be extracted from truecrypt w/o installing
> booter). It's not a difficult task, just nobody did it yet (volunteers
> are welcome).
> Beware that truecrypt is distributed under a license which has legal
> danger to the end user.
> https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt
> Of course it's your choice to use it or not but I would suggest to avoid
> such software especially for the data you need to protect

It is not truecrypt.
I would argue that a "full disk encryption" product should be in the
boot sector/embedded area and everything else, even grub should load
after it.