Hi folks!
I've been playing with Debian Testing (Trixie) in the last few days.
I noticed different encryption operations in different installers:
When I use a classic text-based Debian-Installer, encrypting creates a classic scheme:
- unencrypted /boot partition
- main / partition encrypted LUKS2
When I use the Calamares installer after starting the LIVE system, a completely different encryption scheme is created:
- both partitions are encrypted, but only "old" LUKS1
Advantage:
Disadvantage:
- GRUB password prompt is terrible and unattractive
- LUKS1 is less modern than LUKS2 (GRUB2 only supports older version LUKS1)
- lack of ability to manage multiple keys
Since I would like to plan correctly the future implementation of LMDE7 and the management of several dozen machines, I have a question:
Will the LMDE7 installer perform a classic encryption scheme (like LMDE6 for example, meaning unencrypted /boot + LUKS2 for /), or will it encrypt /boot in LUKS1 version like Calamares?
Personally I prefer classic "old" solutions with LUKS2 and unencrypted /boot.
The /boot partition can be protected with the chkboot package.
Cheers!
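
To check which of the two schemes described above a given machine ended up with, the LUKS version can be read from the first 8 bytes of each partition. This is an added example, not part of the original post; the function names and the sample headers are constructed for illustration, and reading a real partition needs root.

```python
import struct

# Magic shared by LUKS1 and LUKS2 primary headers; a big-endian uint16
# version field follows it directly.
LUKS_MAGIC = b"LUKS\xba\xbe"

# Constructed sample headers (not taken from any real disk).
SAMPLE_PLAIN = b"\x00" * 8              # e.g. start of an unencrypted ext4 /boot
SAMPLE_LUKS1 = LUKS_MAGIC + b"\x00\x01"
SAMPLE_LUKS2 = LUKS_MAGIC + b"\x00\x02"


def luks_version(header: bytes):
    """Return 1 or 2 for a LUKS header, or None if the bytes are not LUKS."""
    if len(header) < 8 or header[:6] != LUKS_MAGIC:
        return None
    (version,) = struct.unpack(">H", header[6:8])
    return version if version in (1, 2) else None


def read_header(path: str) -> bytes:
    """Read the first 8 bytes of a partition or disk image."""
    with open(path, "rb") as dev:
        return dev.read(8)


def classify_layout(boot_header: bytes, root_header: bytes) -> str:
    """Map the /boot and / headers onto the schemes described in the post."""
    boot_v = luks_version(boot_header)
    root_v = luks_version(root_header)
    if boot_v is None and root_v == 2:
        return "classic: unencrypted /boot + LUKS2 /"
    if boot_v == 1 and root_v == 1:
        return "calamares-style: /boot and / both LUKS1"
    return f"other: /boot={boot_v}, /={root_v}"


if __name__ == "__main__":
    # On a real machine, pass read_header("<boot partition>") and
    # read_header("<root partition>") instead of the constructed samples.
    print(classify_layout(SAMPLE_PLAIN, SAMPLE_LUKS2))
    print(classify_layout(SAMPLE_LUKS1, SAMPLE_LUKS1))
```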