| brocashelm | i did an install of refracta to a 64 gb usb thumb drive, with /home and / encrypted. is there no way to use the installer to also encrypt /boot partition? | 05:50 |
|---|---|---|
| CueXXIII | brocashelm: how would the bios load the boot loader and kernel from an encrypted partition? | 07:56 |
| gnarface | i seem to vaguely recall hearing it was possible but only if you' | 08:15 |
| gnarface | ...only if you're not using UEFI | 08:16 |
| gnarface | but maybe not with the installer | 08:16 |
| gnarface | maybe you still have to do something by hand | 08:16 |
| gnarface | not sure what that would be | 08:16 |
| brocashelm | it's all legacy boot/mbr | 08:35 |
| brocashelm | it's not a big deal, but nice to at least have if i'm paranoid that an attacker has the usb and can at least get to the /boot partition | 08:36 |
| brocashelm | i always use refractainstaller (whether TUI or GUI) to install devuan/refracta | 08:37 |
| brocashelm | i know lynis suggests an encrypted /boot partition for hardening | 08:37 |
| CueXXIII | hard disk firmware might be able to do hardware encryption, which can be unlocked by the bios asking for a password, but i doubt usb sticks contain the same feature | 08:39 |
| CueXXIII | but you can't have the code that decrypts the system in the encrypted part | 08:43 |
| CueXXIII | and devuan is using luks to set up encrypted partition, so you need a running kernel and cryptsetup userland (usually in the initrd) to decrypt the system, which must be available unencrypted | 08:44 |
| al1r4d | Hey | 10:59 |
| al1r4d | Looks like devuan iso from jing rocks broken | 10:59 |
| al1r4d | i tried netinstall and server | 11:02 |
| al1r4d | Both wont detected media installer | 11:02 |
| al1r4d | o_o | 11:02 |
| al1r4d | My sha256 is same as on there | 11:03 |
| rrq | al1r4d: I replied at DNG, but if you're here we could pursue it here :) | 13:06 |
| rrq | do you know which kernel modules are needed for the device to install from? | 13:07 |
| Xenguy | rrq, I'm going to go ahead and assume there's no problem with that mirror | 14:44 |
| rrq | yes; afaiu the sha256sum checks out | 15:00 |
| al1r4d | ¯\_ (ツ) _/¯ | 19:08 |
| al1r4d | I never tinker the kernel.modules | 19:08 |
| al1r4d | sha256sum is same | 19:08 |
| al1r4d | by the way, previous months ago, i was successfuly migrated from debian bookworm to devuan daedalus | 19:09 |
| al1r4d | and now i'm on debian bookworm again.. | 19:09 |
| al1r4d | i tried migrated to devuan daedalus and failed | 19:10 |
| al1r4d | I'm stuck on sysvinit-core because i cant install due to unable to remove systemd | 19:10 |
| al1r4d | no no.. init or something.. I dont know.. Then i reinstalling again debian | 19:10 |
| Xenguy | al1r4d, That bug report looks a bit like swiss cheese to me | 21:36 |
| rrq | al1r4d: if you want to work out what makes a problem for using a Devuan installer ISO, we can do that. Also fine if you don't want to work it out. | 23:32 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!