-
@ Taylan (Kemalist Turkish Cat)
2025-02-27 10:34:46
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqx2vc8gu0kj2slcujhkd2y684k32e2zhzn78d2quea4tajn9ql2pqunvqps nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqufmlneg8tt9jwvk6p40t02lxhmkns6zlpu4cwrvxerczdnn4syzqrf359z
Did GRUB's support for mounting encrypted partitions improve in the last years?
A while ago a had a setup with GRUB in the MBR(*) and then fully encrypted partitions, with no separate /boot.
(* Technically MBR + 62 sectors; you know what I mean.)
And it was horrible because:
1. You can't set a non standard keyboard layout for GRUB. (Or I was too stupid to figure out how to make it use Colemak.)
2. The password entry prompt is extremely primitive and simply drops you into a rescue REPL if you mistype the password. (Even just once, IIRC.)
3. I think the decryption was super slow, maybe because it's compiled without SSE or something for maximum portability? But I may have imagined this.
4. There's no capability to pass on the password to the initrd or kernel, so, you have to enter it again a second time soon after.
I actually had to enter a password 4 times to fully boot into that system: GRUB prompt for root partition (in standard keyboard layout), kernel prompt for root partition (in Colemak), kernel prompt for home partition, and finally the user account login.
Nowadays I use an unencrypted disk and have KDE set up to log me in without a password. :blobcat-joy: