Musings about on-disk encryption in Fedora Core

mike at flyn.org mike at flyn.org
Mon Jul 5 17:00:36 UTC 2004


> - encrypted swap

This shouldn't be too hard.  There are a lot of scripts out there that do
this.  The only issue is the timing of things.  Generally, encrypted swap
needs to be initialized after the RNG entropy pool.  As mentioned before,
this is probably a prerequisite to all of the other encryption features.

> - encrypted file system partitions or logical volumes

I am working on implementing encrypted root filesystem support to mkinitrd.
See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 for more
information and a patch.

> - user owned encrypted storage (encrypted loop devices, can substitute
>   encrypted directories to a certain degree)

This can be implemented pretty nicely using pam_mount
(http://www.flyn.org/projects/pam_mount/index.html) because pam_mount can
unlock filesystems at login time using a user's system authentication token. 
An article I wrote for the Linux Journal on the subject of encrypted home
directories is available at http://www.flyn.org/docs/ehd.pdf.  Note that
there have been some changes to pam_mount since the article's publication
last year.

There is also an active bug that asks for encrypted filesystem support in
general: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56698.

--
Mike
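The ordering point in the encrypted-swap paragraph (initialize swap only once the kernel entropy pool is populated, with a throw-away random key), as an added shell example that is not part of the original post. It assumes a cryptsetup that accepts the `open --type plain` syntax rather than the 2004-era tooling; the device path, mapper name and entropy threshold are placeholders.

```shell
#!/bin/sh
# Added example: bring up encrypted swap only after the kernel entropy pool
# has filled, which is the timing issue the post describes.
# SWAP_DEV, MAPPED and MIN_ENTROPY are placeholders, not values from the post.

SWAP_DEV="${SWAP_DEV:-/dev/sdXN}"        # placeholder: your swap partition
MAPPED="${MAPPED:-cryptswap}"            # device-mapper name for the swap
MIN_ENTROPY="${MIN_ENTROPY:-256}"        # assumed threshold, in bits

# entropy_ready AVAIL MIN: succeeds when the pool holds at least MIN bits.
entropy_ready() {
    [ "$1" -ge "$2" ]
}

# wait_for_entropy MIN TRIES: poll /proc/sys/kernel/random/entropy_avail up
# to TRIES times, one second apart; fails if the pool never reaches MIN.
wait_for_entropy() {
    min="$1"; tries="$2"
    while [ "$tries" -gt 0 ]; do
        avail=$(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0)
        entropy_ready "$avail" "$min" && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# setup_encrypted_swap: a fresh random key is read from /dev/urandom on every
# boot and never stored, so nothing paged out survives a reboot.
setup_encrypted_swap() {
    wait_for_entropy "$MIN_ENTROPY" 30 || {
        echo "entropy pool not ready; refusing to key swap" >&2; return 1; }
    cryptsetup open --type plain --key-file /dev/urandom "$SWAP_DEV" "$MAPPED" \
        || return 1
    mkswap "/dev/mapper/$MAPPED" >/dev/null && swapon "/dev/mapper/$MAPPED"
}

# Only act when run as root with a real device set; sourcing the file for the
# helpers alone has no side effects.
if [ "$(id -u)" = 0 ] && [ "$SWAP_DEV" != "/dev/sdXN" ]; then
    setup_encrypted_swap
fi
```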





More information about the fedora-devel-list mailing list