Hibernation and secret keys

Sven Radde email at sven-radde.de
Fri Feb 13 19:30:59 CET 2009


Michael Kesper schrieb:
>> Of course. The idea is that you can encrypt everything but the kernel
>> +initrd, which is needed in order to decrypt the partition (better said,
>> to set up the dm-crypt mapping).
>> And an USB stick could be always with you.
> What is the additional gain to having an unencrypted /boot partition on
> the same device?

"They" will have difficulties installing a keylogger if the unencrypted
/boot is always in your pocket and the HDD contains just encrypted

I wonder when Linux will be able to utilize a TPM to integrity-protect

cu, Sven

More information about the Gnupg-users mailing list