15 Nov
2016
15 Nov
'16
4:39 p.m.
Hi Gerald,
On Mon, Nov 14, 2016 at 10:21:10AM +0000, Gerald Davies wrote:
Have you included encryption of /boot ?
Unfortunately BitFolk does need to extract your kernel and initramfs
from your /boot so we need to read that. Therefore that must remain
separate as xvda1, unencrypted and with no sensitive information on
it.
It might be possible to avoid this if your kernel and initramfs were
stored outside of your VPS, but the idea of keeping it inside the
VPS has a number of advantages around the package upgrade scripts
not being surprised about what they should do when a new kernel is
installed.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting