You are not logged in.

Pages: 1

#1 2022-06-11 16:36:42

IM_N00b
Member
Registered: 2022-06-11
Posts: 8

[Solved]About detached luks header

If I detached the luks header and store it in the usb,
Q1:do I need to stick the usb in when booting?
Q2:what happens if I unplug the usb after unlock luks?


Also imagine the following partitions
lsblk:
NAME                  MAJ:MIN    RM    SIZE    RO    TYPE    MOUNTPOINT
nvme0n1              259:0        0        465.8G 0        disk 
├─nvme0n1p1     259:1        0        1G        0        part       /boot/efi
├─nvme0n1p2     259:2        0        1G        0        part 
│ └─cryptboot      254:3        0       1022M  0        crypt      /boot
└─nvme0n1p3     259:3        0       463.8G  0       part 
  └─cryptlvm        254:0        0       463.8G  0       crypt
    ├─swap           254:1        0       16G       0       lvm         [SWAP]
    └─root             254:2        0       447.8G  0       lvm         /
Q3:If we place the luks header of nvme0n1p3 here on the encrypted /boot (nvme0n1p2) and use the Remote luks header, do we lose deniability due to the luks header of /boot on nvme0n1p2?

Last edited by IM_N00b (2022-06-13 12:04:50)

Offline

#2 2022-06-11 19:55:31

frostschutz
Member
Registered: 2013-11-15
Posts: 1,417

Re: [Solved]About detached luks header

If you want to open the LUKS you have to provide the header somehow, when you boot it...

The header is only required at the time you open it (via luksOpen or luksResume after luksSuspend but almost no one uses it).

Otherwise you only need the header when changing passphrase and such things. So yes, you can unmount and unplug it.

Deniability is a weird concept, and LUKS is not designed for it. So moving all headers and traces (so /boot entirely) to an independent  / external device is already about the best you can do. But it will still look obviously encrypted...

Offline

#3 2022-06-12 02:25:27

5thtimebypassing
Banned
Registered: 2022-06-12
Posts: 5

Re: [Solved]About detached luks header

Personally I would just make a boot and/or efi partition on a USB, and what happens when it's removed is your system won't even display there's anything there in the Bios, until you plug it back in, be aware any alteration or addition to the boot partition post install needs to be done carefully, 1 wrong grub install for example will lock you out, keep MKInitcpio & initramfs up to date frequently.

Last edited by 5thtimebypassing (2022-06-12 02:26:12)

Offline

#4 2022-06-13 12:04:23

IM_N00b
Member
Registered: 2022-06-11
Posts: 8

Re: [Solved]About detached luks header

Thx i understand.

Offline

Pages: 1

Board footer

Powered by FluxBB