encrypted root fs
Russell Coker
russell at coker.com.au
Tue Aug 17 02:36:17 UTC 2004
On Tue, 17 Aug 2004 00:47, Josiah Royse <jroyse at gmail.com> wrote:
> On Mon, 16 Aug 2004 23:40:55 +1000, Russell Coker <russell at coker.com.au>
wrote:
> > > If the goal is for an encrypted filesystem- why not just have a script
> > > interface early on in the boot process to prompt for a password for
> > > the encrypted file system - in order to mount the encrypted ones? Or
> >
> > I am thinking of making it an option to take a file of random data, a
> > user-entered password, or an XOR of both of them.
>
> I like it! Basically a poor-man's smartcard of sorts. Much easier to
> test/develop for since USB keys are easy to find.
Yes.
> Removing the USB key after boot in this senario would not affect it,
> since the key is read once, correct? Down the road perhaps the UI
My idea is that the USB device would be used for /boot. So it would not need
to be installed all the time, but it would be required for kernel upgrades.
> would be patched to recognize the removal of the smartcard/like device
> and lock the screen. Just a thought!
Eventually we'll get to such things. SE Linux is one of many parts of the Red
Hat security plan. Many more things will come in RHEL 5 and beyond.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list