Encryption on installation

[Bill Davidsen]

Peter Lauri wrote:
> Hi,
> 
> I have been playing around with Ubuntu installation on a machine and the 
> installation of Ubuntu provided an option to encrypt the partition on 
> installation. Does the installation of Fedora Core 8 provide this 
> option? I need to have all (except boot) encrypted as my laptop needs to 
> be brought out of customers facilities.
> 
> Any ideas of this?
> 
My thought is that FC8 is hardly a secret... What needs to be encrypted 
is usually found in /home, or /usr/local. If you can restrict the 
important data to filesystems which can be mounted after boot.

About crypto: cryptoloop is in Fedora kernels, and is generally enough 
to protect against people who steal the laptop for the resale value. Not 
enough for pro government or industrial spies. AES-loop doesn't appear 
to be in Fedora, at least to FC8, and looking quickly I don't see 
cryptfs either.

Don't know about dm-crypt security, we have a big investment in 
cryptoloop, since we release data on encrypted CDs and would have to 
update every machine to use a new scheme.

And finally, I would encrypt *really* critical info, like passwords and 
certain other things using GPG on a file, even if in a crypto filesystem.

In general current Fedora capabilities are enough for many requirements, 
as long as you avoid the bozo user who mounts the crypto filesystem and 
then suspends the laptop which is then stolen. No tech will protect you 
against fools.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot