Root filesystem encryption update
Bill Nottingham
notting at redhat.com
Mon Jun 18 22:42:22 UTC 2007
Bruno Wolff III (bruno at wolff.to) said:
> I think waiting for a complete solution is not the way to proceed. There are
> several different steps involved with the solution. If some of the steps
> have workable solutions, getting them included in the distribution will
> help get them tested and allow other people to build upon the previous work.
> It might be hard to recruit people to do some of the things that will be
> eventually needed until there is some base functionallity for them to play
> with.
>
> You don't have to advertise full disk encryption for the masses as soon as
> there is some support for booting with an encrypted root partition.
The problem is, you want to get at least the basic design more or less right.
We added the cryptsetup stuff in rc.sysinit as an initial hack along these lines...
and therefore got stuck with its fundamental problems that broke most users
of it on F7 upgrades.
Bill
More information about the fedora-devel-list
mailing list