Full disk encryption with boot on usb stick.

view story

https://bbs.archlinux.org – Hi,after reading this very interesting article (link here) about going past "full disk encryption" with unencrypted boot I started to think about a better solution.I know that grub2 can boot directly from live cd. So here's an idea:- keep boot partition only on an usb stick, and boot an minimal system iso kept on this usb stick,- from that iso decrypt main partition which contains whole arch system (along with /boot partition with newest kernel etc)Idea with iso has an advantage that we could easly calculate and show its sha/md5 sum every time system boots (after a while one wou (HowTos)