Is the partition with the GRUB bootloader encrypted in Ubuntu if you specify during installation that you want to use disk encryption?

R

Rozello2021-02-26 20:05:08

linux

Rozello, 2021-02-26 20:05:08

Today I installed various Linux distributions on a virtual machine, in particular ubuntu, kubuntu, opensuse leap.
During installation, I indicated that I want to encrypt everything that is possible on the disk.
And I found that during the boot of ubuntu \ kubuntu, the password from the disk is first requested, then the user's password.
But in suse, the key for decrypting grub is first requested, as I understand it (the password was the same as the password for encrypting the disk), then again the password is from the disk, and only then the user password.
Question: what is the reason for this difference in behavior? Is it because suse handles passwords in a strange way? Or is it because suse encrypts the bootloader and ubuntu doesn't?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

rPman, 2021-02-26
@Rozello

As far as I know, grub is not encrypted, suse, as I understand it, just puts a password on it , you can also add it yourself to ubuntu
According to my mind, when using UEFI and SecureBoot, only signed grub is allowed to start, which means you can add your keys to bios, delete all the rest and sign grub with your key, in this case no one will be able to start anything, change the bios and so on ... just turn iron into a brick.
I myself am interested in what a secure config should be, for example, from a hoster, I'm not talking about absolute protection, but it would be useful to make this task more expensive.

A

Alexey Dmitriev, 2021-02-27
@SignFinder

Here is how to encrypt and boot
https://cryptsetup-team.pages.debian.net/cryptsetu...