GRUB Now Supports EXT4 File-Systems With Encryption
The GRUB bootloader now supports file-systems making use of EXT4 file-system encryption but where the boot files are left unencrypted.
EXT4 for a while has supported native file-system encryption using fscrypt. GRUB now can deal with EXT4 file-systems having the encryption flag, but where the boot files are left unencrypted on that file-system.
GRUB isn't (at least not yet) able to support decrypting encrypted files with EXT4/fscrypt, but with the latest code is now at least able to handle the file-system gracefully where the EXT4_ENCRYPT_FLAG is set and the boot files are on there unencrypted.
Google's Eric Biggers added the support to GRUB Git, "Since GRUB cannot decrypt encrypted contents or filenames, just issue an error if it would need to do so. This is sufficient to allow unencrypted boot files to co-exist with encrypted files elsewhere on the filesystem."
EXT4 for a while has supported native file-system encryption using fscrypt. GRUB now can deal with EXT4 file-systems having the encryption flag, but where the boot files are left unencrypted on that file-system.
GRUB isn't (at least not yet) able to support decrypting encrypted files with EXT4/fscrypt, but with the latest code is now at least able to handle the file-system gracefully where the EXT4_ENCRYPT_FLAG is set and the boot files are on there unencrypted.
Google's Eric Biggers added the support to GRUB Git, "Since GRUB cannot decrypt encrypted contents or filenames, just issue an error if it would need to do so. This is sufficient to allow unencrypted boot files to co-exist with encrypted files elsewhere on the filesystem."
3 Comments