It is true, encrypted /boot on Linux (i.e. where the Linux kernel lives) is time-consuming and error-prone to setup, even if you have been using Linux for years. GRUB only understands LUKS version 1, and is poorly optimised, meaning LUKS' default "2 seconds of password hashing" during install/setup from a running Linux OS takes significantly (!) longer when booting via GRUB. It is the age-old cathedral/bazaar issue.
No comments yet.