On 12/21/18, g4sra via Dng <dng@lists.dyne.org> wrote: > Thanks for the video, it took me more than three attempts :P. > I had existing partitions on the drive that I needed to keep so did not > go near the 'use entire disk' option. The partitioning in the video does > not encrypt the entire disk, it leaves /boot outside. Kernel and initrd > are exposed giving a potential attack vector.
Yes, it's confusing. And yes, I made the video before I knew how to do full disk encryption. I thought d-i did it correctly, but I might be remembering wrong. I know refractainstaller will do full disk encryption and add the cryptodisk line to /etc/default/grub. It won't edit cryptsetup.functions for you to help with shutdown. I've seen a few different fixes for that. If it's not fixed upstream, I guess I should pick one. fsr _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng