-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-11-16 13:31, Fred wrote:
> A good time to ask if Qubes encrypts /boot in it's LUKS setup. I've not
> checked myself.
>
By default, Qubes does not encrypt /boot. Traditionally, that's because doing so would render the
system unbootable. However, that's no longer true with newer versions of GRUB, which are now capable
of booting from encrypted block devices. So, it's worth considering for Qubes. Tracking:
https://github.com/QubesOS/qubes-issues/issues/2442
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYMD17AAoJENtN07w5UDAwzSkP+wQ2j9InSiYCsGR0fWFECymo
Cb0VzO+07YC6fC2XMQXZk8szzc82CTfH7kPo0qWz6kHNWT7OXnF72X5cZviGtl1w
yhKjCiE/oD4R9upUzH2Pe67P+EKs7mpoi4k2VCC9qkAmnjLBKwyNl1Li4a3nlL6a
PQ+BfOGYr6yQuBKDrs4v5oP0pabQIYHq0aXbXiuPLio3RCUzPBGIvL5Tod+EPxSJ
QjhPqKK186XEjHQBn3H9mg4dC0iM2c/2eLloRviv8sxTrytX8DJMudgfVn6N9ni6
rU1V+6qKxKOojOz0dbMAYKA4hqoeYwcXW99jWl0wkrVeOA2dHv+etZZ4OjzVZK/m
5+Q5BS6xdLntZybbxkCGYjkLHN8bZy2Ka/YLO5glyI5yz3NIY55UFF9P5YNgLUHK
YAVuWxfTlpWqak/0VV1jLPsHABz2u2rCx2zwm4iYEmpSVWZpNRVy4QYhiGhSgWlt
0UrixWjb++8SACVIovNeJY82BNUZrySaMLv7aUqMwCsGTk6iGnjIc/xfjoB4lyJ4
a83B0KgXKxn7YLfr84456eoe5BIbzJK5y3ybA9eV7yNcDmXmPvyub7sa2txvB6yH
zmfYlkV8samTyXAMp8KFH4lbDzjbmNt5H1DqejA+QmHTnUIgzLgwqKCpt0KGQ3Up
MDwA6rj2CEBMhzHZhvU/
=krSf
-----END PGP SIGNATURE-----