mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-24 18:41:33 -05:00
Update README.md
This commit is contained in:
parent
825c2ce63b
commit
f21ac146ba
@ -65,4 +65,4 @@ Ideally, I could use GRUB's GPG verification for the initramfs and its configura
|
||||
|
||||
As for why LUKS1 is used, GRUB 2.06 does not work nicely with LUKS2 yet. grub-install will not make GRUB auto detect the LUKS2 partition, and GRUB itself does not support Argon2id (cryptsetup default) as of now anyways. In my opinion, it makes little sense to use GRUB with LUKS2 in its current state, thus I am using LUKS1 to avoid the headache for the time being.
|
||||
|
||||
You may also see an a keyfile being created by the script and stored at /cryptkey. This is to avoid getting 2 encryption password prompts (one for GRUB to decrypt the disk so that it can get to the kernel, the initramfs and configuration files and one for the kernel itself to start up the rest of the boot process). As the key resides on an encrypted partition (and so does the initramfs that stores a copy of it), security risks should be minimal. The only time an attacker would have access to it is when they have root, at which point you have a much, much more serious proble). The procedure I am using is describe at https://en.opensuse.org/SDB:Encrypted_root_file_system.
|
||||
You may also see an a keyfile being created by the script and stored at /cryptkey. This is to avoid getting 2 encryption password prompts (one for GRUB to decrypt the disk so that it can get to the kernel, the initramfs and configuration files and one for the kernel itself to start up the rest of the boot process). As the key resides on an encrypted partition (and so does the initramfs that stores a copy of it), security risks should be minimal. The only time an attacker would have access to it is when they have root, at which point you have a much, much more serious problem). The procedure I am using is describe at https://en.opensuse.org/SDB:Encrypted_root_file_system.
|
||||
|
Loading…
Reference in New Issue
Block a user