LVM full disk encryption has a non-encrypted space? (SOLVED)

blueredgreen

Post by blueredgreen »

I just noticed before the password box to unlock the disk loads, there is a very fast flash of the mint symbol and a very fast flash after I input the password.
This is on Mate 21.

It does the same if I load without the grub menu or load from the grub menu and the grub menu comes up before the unlock password box.

So it must be that at least the mint symbol and grub are stored outside of the encrypted disk. I had just assumed that completely 100 percent of the hard drive was encrypted.

The encryption looks all good, I was just wondering how all of the above works and what all else might be on any non-encrypted part of the hard drive.
linux-rox

Re: LVM full disk encryption has a non-encrypted space?

Post by linux-rox »

Boot a live session and see how much of the drive you can access. That exercise is most comparable to the scenario of concern. What you will find is that the boot loader and boot partition are "in the clear." That's what the installer always has done, so not news. There are strategies for getting everything hidden, for example, but they're painfully difficult.

Bear in mind, encryption is only useful when the machine is powered off. When booted, everything is mounted and vulnerable.
t42

Re: LVM full disk encryption has a non-encrypted space?

Post by t42 »

blueredgreen wrote: Thu Dec 01, 2022 9:10 pm
So it must be that at least the mint symbol and grub are stored outside of the encrypted disk. I had just assumed that completely 100 percent of the hard drive was encrypted.

It is interesting that Ubuntu and Mint installers are doing a fairly good job providing FDE to users with just one click. It is also pertinent to note that the same users are not informed about any necessary preventive measures if anything goes wrong.
FDE with encrypted boot partition or other custom setup, such as in a tutorial linked above, is not so simple as the default option, and requires good understanding of the process.

When booted, everything is mounted and vulnerable

...may be "mounted and accessible within the access permissions".
-=t42=-
blueredgreen

Re: LVM full disk encryption has a non-encrypted space? (SOLVED)

Post by blueredgreen »

linux-rox wrote: Thu Dec 01, 2022 10:34 pm
Boot a live session and see how much of the drive you can access. That exercise is most comparable to the scenario of concern. What you will find is that the boot loader and boot partition are "in the clear." That's what the installer always has done, so not news.

Yes, with live boot I can see a small 1.8 gb part of the drive that is not encrypted. It has an efi folder and a grub folder and a few other small items.
The rest of the hard drive is encrypted :) .
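
The live-session check described in this thread can be scripted. The following is an added example, not part of any post above: it reads `lsblk` JSON output and sorts partitions into LUKS containers and partitions readable without the passphrase. The device names and sizes in `SAMPLE` are constructed for illustration.

```python
import json
import subprocess
import sys

# Constructed sample shaped like `lsblk -J -b -o NAME,TYPE,FSTYPE,SIZE` run from a
# live session (LUKS container still locked). Names and sizes are made up.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "size": 256060514304,
   "children": [
     {"name": "sda1", "type": "part", "fstype": "vfat", "size": 536870912},
     {"name": "sda2", "type": "part", "fstype": "ext4", "size": 1395654656},
     {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "size": 254126882816}
   ]}
]}
"""

def partitions(nodes):
    """Yield every node of type 'part' in the lsblk device tree."""
    for node in nodes:
        if node.get("type") == "part":
            yield node
        yield from partitions(node.get("children") or [])

def audit(lsblk_json):
    """Sort partitions into LUKS containers, readable filesystems and unknowns."""
    report = {"encrypted": [], "cleartext": [], "unknown": [], "cleartext_bytes": 0}
    for part in partitions(json.loads(lsblk_json)["blockdevices"]):
        fstype, size = part.get("fstype"), int(part["size"])
        if fstype == "crypto_LUKS":
            kind = "encrypted"
        elif fstype:
            kind = "cleartext"          # filesystem signature readable without a key
            report["cleartext_bytes"] += size
        else:
            kind = "unknown"            # no signature (e.g. plain dm-crypt): check by hand
        report[kind].append((part["name"], fstype or "-", size))
    return report

if __name__ == "__main__":
    raw = SAMPLE
    if len(sys.argv) > 1:               # e.g. /dev/sda, given on the command line
        raw = subprocess.run(["lsblk", "-J", "-b", "-o", "NAME,TYPE,FSTYPE,SIZE", sys.argv[1]],
                             check=True, capture_output=True, text=True).stdout
    result = audit(raw)
    for kind in ("encrypted", "cleartext", "unknown"):
        for name, fstype, size in result[kind]:
            print(f"{kind:9} {name:8} {fstype:12} {size / 2**30:8.2f} GiB")
    print(f"readable without the passphrase: {result['cleartext_bytes'] / 2**30:.2f} GiB")
```

Run with a device path as the only argument to audit a real disk; with no argument it reports on the constructed sample.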