author | Francis Rowe <info@gluglug.org.uk> | 2014-11-04 17:42:11 +0000 |
---|---|---|
committer | Francis Rowe <info@gluglug.org.uk> | 2014-11-04 17:42:11 +0000 |
commit | 7429bdcdbb4fc51c61897115112468642afeecfc | |
tree | 7f45698bc6f232dc9b8ceb7f4dc623654bd83428 /docs | |
parent | a23dad962971b51a3f19e84ac9b95865014eae4c | |
encrypted_parabola.html: Further clarification of purpose.
encrypted_trisquel.html: Further clarification of purpose.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/howtos/encrypted_parabola.html | 16 |
-rw-r--r-- | docs/howtos/encrypted_trisquel.html | 16 |
2 files changed, 28 insertions, 4 deletions
diff --git a/docs/howtos/encrypted_parabola.html b/docs/howtos/encrypted_parabola.html index c7a9210..3a1a75d 100644 --- a/docs/howtos/encrypted_parabola.html +++ b/docs/howtos/encrypted_parabola.html @@ -26,8 +26,20 @@ </header> <p> - Because GRUB is installed directly as a payload of libreboot (or coreboot), you don't need an unencrypted /boot partition - when setting up an encrypted system. This means that your machine can really secure data while powered off. + Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a> + by default, which means that the GRUB configuration file + (where your GRUB menu comes from) is stored directly alongside libreboot + and it's GRUB payload executable, inside + the flash chip. In context, this means that installing distributions and managing them + is handled slightly differently compared to traditional BIOS systems. + </p> + + <p> + On most systems, the /boot partition has to be left unencrypted while the others are encrypted. + This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware + can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a + payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical + access to the machine. </p> <p> diff --git a/docs/howtos/encrypted_trisquel.html b/docs/howtos/encrypted_trisquel.html index 0c6696e..7599e02 100644 --- a/docs/howtos/encrypted_trisquel.html +++ b/docs/howtos/encrypted_trisquel.html 
@@ -26,8 +26,20 @@ </header> <p> - Because GRUB is installed directly as a payload of libreboot (or coreboot), you don't need an unencrypted /boot partition - when setting up an encrypted system. This means that your machine can really secure data while powered off. + Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a> + by default, which means that the GRUB configuration file + (where your GRUB menu comes from) is stored directly alongside libreboot + and it's GRUB payload executable, inside + the flash chip. In context, this means that installing distributions and managing them + is handled slightly differently compared to traditional BIOS systems. + </p> + + <p> + On most systems, the /boot partition has to be left unencrypted while the others are encrypted. + This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware + can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a + payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical + access to the machine. </p> <p> |
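Review bot: in the docs/howtos/encrypted_parabola.html hunk, the first added paragraph reads "and it's GRUB payload executable", where the possessive "its" is meant; the same typo is repeated in the encrypted_trisquel.html hunk. The removed sentence "This means that your machine can really secure data while powered off" has no counterpart in the new text, so the page no longer states the data-at-rest benefit and only mentions tampering with /boot. If that was not deliberate, suggest keeping one sentence on it after "even /boot can be encrypted".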
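Review bot: in the docs/howtos/encrypted_trisquel.html hunk, the last added sentence ("This protects /boot from tampering by someone with physical access to the machine") is stated without a scope, while the first added paragraph places GRUB and its configuration file in the flash chip, which is outside any LUKS volume. Suggest limiting the claim to the kernel and the other files stored on the encrypted /boot, and either saying how the flash contents are expected to be protected or stating that this page does not cover it. Both added paragraphs are identical to the ones added to encrypted_parabola.html, so moving them to one shared page linked from both howtos would keep the two texts from drifting apart.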