|
|
|
|
|
|
by ohazi
2230 days ago
|
|
|
There's a way to encrypt the boot partition and have GRUB ask you for the boot partition key, but you're limited to LUKS1, and the decryption process is slow as molasses, since it's implemented inefficiency directly in the GRUB code, because the Kernel's faster code isn't loaded yet. It's also probably full of side channel leaks. Signing the kernel and ramdisk is probably the better option... |
|
|