On 1/13/19 10:38 PM, yaro@marupa.net wrote:
No need to use the luksHeaderRestore/luksHeaderBackup. You can create and use a detached LUKS header with the --header parameter. You can use --header, combined with a zero offset on the device and no partition table and it should, in theory, only look like random data across the entire drive. You could then put LVM on the LUKS container for "partitioning."
hey, cool! cheers, i wonder when they added that!
I use a setup like that, though I'm not sure how bootable that setup could be; especially on UEFI systems which require an unencrypted system partition.
once the bootloader loads your initrd, the initrd would be able to re-assemble it provided the data source for the header was available. -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info