encrypted root fs
Josiah Royse
jroyse at gmail.com
Mon Aug 16 13:31:24 UTC 2004
On Mon, 16 Aug 2004 01:03:17 +1000, Russell Coker <russell at coker.com.au> wrote:
> The aim of this work is to have a system that boots from removable media and
> uses encryption for all block devices so that if it is stolen no data will be
> lost and so someone who gets temporary access to the hardware will have a
> much more difficult time of trying to crack it.
If the goal is for an encrypted filesystem- why not just have a script
interface early on in the boot process to prompt for a password for
the encrypted file system - in order to mount the encrypted ones? Or
maybe a boot option grub could pass to the kernel to unencrypt the
partitions to mount? This is a concept- I know that a boot option
would be plaintext after the system booted, and you would not want to
save it in your grub config plaintext either.
In your design would you rely on physical secuity (not to lose the USB
key), the H.D. being encrypted, and UNIX security of the password- or
is there a pin/password similar to smart card and pin involved during
boot(multi factor authentication)?
I like the idea!
--Josiah
More information about the fedora-devel-list
mailing list