On 1/13/19 10:38 PM, yaro@xxxxxxxxxx wrote: > > No need to use the luksHeaderRestore/luksHeaderBackup. You can create > and use a detached LUKS header with the --header parameter. You can use > --header, combined with a zero offset on the device and no partition > table and it should, in theory, only look like random data across the > entire drive. You could then put LVM on the LUKS container for > "partitioning." hey, cool! cheers, i wonder when they added that! > > I use a setup like that, though I'm not sure how bootable that setup > could be; especially on UEFI systems which require an unencrypted > system partition. > once the bootloader loads your initrd, the initrd would be able to re-assemble it provided the data source for the header was available. -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info
Attachment:
signature.asc
Description: OpenPGP digital signature
