This project has moved. For the latest updates, please go here.

Upgrade to v1.19, unclear if must re-encrypt?

Topics: Technical Issues
Oct 20, 2016 at 3:39 PM
Edited Oct 20, 2016 at 3:42 PM
Hi all!

I've read the comments regarding the new upgrade from 1.18 to 1.19 and that it's recomended that you should re-encrypt your OS-partitions due to the changes in bootloader. So of course I'm going to do that.

Looking at the specifications in the report, it looks like most changes in 1.19 is done in the bootloader.

Furthermore, I'm not sure what the changes below implies:
"Removal of XZip and XUnzip. These were replaced with modern and more secure zip libraries (libzip)."

It's not all clear if you should re-encrypt your other normal partitions/devices like:
(Non system volumes)
-External harddrives
-USB flash drives
-Containers
etc..

-I'm not using the GOST-cipher
-and I'm not using hidden volymes.
Coordinator
Oct 20, 2016 at 3:59 PM
Hi,

Re-encryption is needed only if you were using GOST89 cipher. No re-encryption is needed otherwise.

For system encryption, you will need to create a new Rescue Disk (zip for EFI and ISO for MBR) in order to have a Rescue Disk that uses the updated boot components.

I hope this clarifies things.
Oct 20, 2016 at 8:34 PM
Edited Oct 20, 2016 at 10:10 PM
idrassi wrote:
Hi,

Re-encryption is needed only if you were using GOST89 cipher. No re-encryption is needed otherwise.

For system encryption, you will need to create a new Rescue Disk (zip for EFI and ISO for MBR) in order to have a Rescue Disk that uses the updated boot components.

I hope this clarifies things.
Thanks!
Oct 20, 2016 at 10:11 PM
But I still have to re-encrypt my OS-partition (eg. windows) in order to get the new more secure bootloader and create the new rescue disk right?
Coordinator
Oct 20, 2016 at 10:14 PM
No: installing 1.19 updates the bootloader automatically.

Once Once 1.19 installed and after reboot, create the new Rescue Disk in order to have a Rescue Disk that uses the latest bootloader. No need to re-encrypt to get a new Rescue Disk: just use menu System -> Create Rescue Disk.
Marked as answer by DexterICE on 10/20/2016 at 3:26 PM
Oct 20, 2016 at 10:27 PM
idrassi wrote:
No: installing 1.19 updates the bootloader automatically.

Once Once 1.19 installed and after reboot, create the new Rescue Disk in order to have a Rescue Disk that uses the latest bootloader. No need to re-encrypt to get a new Rescue Disk: just use menu System -> Create Rescue Disk.
Excellent!