On 2018-04-05 19:38, 799 wrote:
Nice how-to, I'm currently writing something similar for my X230.
Would you mind adding your howto to the Qubes Community doc
repository, which we've established to work on howtos and docs until
they're easy to be migrated to the official Qubes Docs.
If you agree, I can also add your notes there, mentioning you as the
original author.
Hello, no problem as I said it is copyleft. Where's the Qubes Community
repository?
I'd like to use grub as payload but without using encrypted boot as I
am afraid to damage my production Qubes environment and loosing time
fixing it.
What do I need to do, if I would like to just use Grub and leave my
boot untouched?
As far as I understand the benefit of having Grub as payload is to be
able to encrypt /boot.
Does this mean than include that it makes no sense to run Grub instead
of SeaBIOS without having boot encrypted?
[799]
The advantage of using SeaBIOS is that it should be able to launch the
Grub on the original /boot partition which means that Grub config will
be updated with system updates and that boot options can be changed
without the need to re-flash. Also probably SeaBIOS do have more low
level configuration options similar to a vendor BIOS.
Honestly the process of encrypting /boot went far smoother than I
expected, it actually worked on the first try (even though I did a full
dd backup copy of the whole disk before and kept also a Grub entry to
boot the old way). All included it took less than a day for the
transition.
The other benefit apart from encrypting /boot is a faster boot process
i'd say and maybe a little more security: don't know if it's possible
for SeaBIOS (probably yes) but i configured Grub to ask for a user and
password for every non standard option in the menu (ex: modifying an
entry or using the command line), this way it should be very difficult
to boot an external media.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/92530580be3e308d0477f777c4895b03%40anche.no.
For more options, visit https://groups.google.com/d/optout.
