author Francis Rowe <info@gluglug.org.uk> 2014-11-04 17:42:11 +0000
committer Francis Rowe <info@gluglug.org.uk> 2014-11-04 17:42:11 +0000
commit 7429bdcdbb4fc51c61897115112468642afeecfc
tree 7f45698bc6f232dc9b8ceb7f4dc623654bd83428 /docs/howtos/encrypted_trisquel.html
parent a23dad962971b51a3f19e84ac9b95865014eae4c
encrypted_parabola.html: Further clarification of purpose.
encrypted_trisquel.html: Further clarification of purpose.
Diffstat (limited to 'docs/howtos/encrypted_trisquel.html')
-rw-r--r-- docs/howtos/encrypted_trisquel.html 16
1 files changed, 14 insertions, 2 deletions
diff --git a/docs/howtos/encrypted_trisquel.html b/docs/howtos/encrypted_trisquel.html
index 0c6696ec..7599e02f 100644
--- a/docs/howtos/encrypted_trisquel.html
+++ b/docs/howtos/encrypted_trisquel.html
@@ -26,8 +26,20 @@
</header>
<p>
- Because GRUB is installed directly as a payload of libreboot (or coreboot), you don't need an unencrypted /boot partition
- when setting up an encrypted system. This means that your machine can really secure data while powered off.
+ Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
+ by default, which means that the GRUB configuration file
+ (where your GRUB menu comes from) is stored directly alongside libreboot
+ and it's GRUB payload executable, inside
+ the flash chip. In context, this means that installing distributions and managing them
+ is handled slightly differently compared to traditional BIOS systems.
+ </p>
+
+ <p>
+ On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
+ This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
+ can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
+ payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
+ access to the machine.
</p>
<p>
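Review bot: The added sentence "This protects /boot from tampering by someone with physical access to the machine" in the second new paragraph claims more than the rest of the hunk supports, because the first new paragraph says the GRUB payload and its configuration file live in the flash chip, which is outside the LUKS volume. Suggest scoping the claim to the contents of /boot and adding one sentence saying that the flash-resident GRUB and its config are not covered by this encryption. The removed text's point that the machine can secure data while powered off no longer appears anywhere in the hunk; consider keeping it, since it states when the protection actually applies. Minor: "it's GRUB payload executable" should read "its GRUB payload executable".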