What about hard disk encryption at install time
Mail Lists
lists at sapience.com
Tue Aug 21 02:48:17 UTC 2007
On Monday 20 August 2007, Kushal Das wrote:
> Hi all,
> What about hard disk encryption at install time ? (like opensuse). I know
> many of us is looking for this feature.
It partly works but not out of the box. To be secure we need to have
encrypted swap, home and root (including /tmp and /var/tmp). I assume
everywhere dm-crypt and luks. Do not use fuse - its way too slow.
1) Encrypted swap works (small error message but seems benign) - see
http://marc.info/?l=fedora-list&m=118384694918234&w=2
2) Encrypted home - works but not quite as it should - see
http://marc.info/?l=fedora-list&m=118391945718659&w=2
[Aside - you'll need to fsck by hand for now ...]
3) Encrypted Root -- does not work
Seems mostly to be mkinitrd needs updating (see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789
As wiki says - this root mount, to be robust, should probably be done
by UUID - that patch will need to find its way in as well.
After its updated we can explore what works.
4) Since root does not work this leaves /tmp and /var/tmp exposed. My
solution is described here (basically i use the encrypted /home to house /tmp
which is bind mounted over /tmp)
http://marc.info/?l=fedora-list&m=118610981917894&w=2
Hope this is helpful.
g
More information about the fedora-devel-list
mailing list