Hibernation and secret keys
Sven Radde
email at sven-radde.de
Fri Feb 13 19:30:59 CET 2009
Hi!
Michael Kesper wrote:
>> Of course. The idea is that you can encrypt everything but the kernel
>> +initrd, which is needed in order to decrypt the partition (better said,
>> to set up the dm-crypt mapping).
>> And a USB stick could always be with you.
>
> What is the additional gain to having an unencrypted /boot partition on
> the same device?
"They" will have difficulties installing a keylogger if the unencrypted
/boot is always in your pocket and the HDD contains just encrypted
gibberish.
I wonder when Linux will be able to utilize a TPM to integrity-protect
/boot.
cu, Sven
More information about the Gnupg-users mailing list