On Friday January 8 2010 4:41:54 am Sjors van der Pluijm wrote:
> Just found out that /boot should not be in LVM because bootloaders might
> not understand it. /boot unencrypted does not seem to be the end of the
> world. http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html

Since we are being paranoid, what happens if the NSA breaks into your home when you are asleep and installs a hypervisor on your /boot that records your password/keyfile next time you decrypt? The way that I have heard to prevent this type of attack is to store checksums of every file in /boot on the encrypted partition and then verify those checksums on startup.

MM
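
One way to script the checksum approach described in the message above. This is an added example, not part of the original post; the names BOOT_DIR, MANIFEST, boot_hashes, boot_record and boot_verify and the manifest path are assumptions, and it expects GNU coreutils and findutils as shipped on Debian.

```shell
#!/bin/sh
# Added example: keep a SHA-256 manifest of /boot on the encrypted volume
# and compare against it after boot. All names below are hypothetical.
BOOT_DIR="${BOOT_DIR:-/boot}"
MANIFEST="${MANIFEST:-/root/boot.sha256}"   # assumed to sit on the encrypted filesystem

# Print "hash  ./relative/path" for every regular file, in a stable order.
boot_hashes() {
    ( cd "$1" && find . -xdev -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Record the current state (rerun after every kernel or initrd update).
boot_record() {
    ( umask 077; boot_hashes "$1" > "$2" )
}

# Return 0 if the directory matches the manifest exactly, 1 otherwise.
# Comparing the full listings, rather than using `sha256sum -c`, also
# catches files that were added or removed, not only modified ones.
boot_verify() {
    tmp=$(mktemp) || return 2
    boot_hashes "$1" > "$tmp"
    if diff "$2" "$tmp" >&2; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

case "${1:-}" in
    record) boot_record "$BOOT_DIR" "$MANIFEST" ;;
    verify) boot_verify "$BOOT_DIR" "$MANIFEST" || {
                echo "WARNING: $BOOT_DIR differs from $MANIFEST" >&2
                exit 1
            } ;;
esac
```

Because the manifest is only readable once the volume is unlocked, a mismatch is reported after the passphrase has already been entered for that boot, so treat it as a signal to rebuild /boot from trusted media and change the passphrase or keyfile.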