[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: What about hard disk encryption at install time




On Monday 20 August 2007, Kushal Das wrote:
> Hi all,
> What about hard disk encryption at install time ? (like opensuse). I know
> many of us is looking for this feature.

   It partly works but not out of the box. To be secure we need to have 
encrypted swap, home and root (including /tmp and /var/tmp). I assume 
everywhere dm-crypt and luks. Do not use fuse - its way too slow.

  1) Encrypted swap works (small error message but seems benign) - see
     http://marc.info/?l=fedora-list&m=118384694918234&w=2

   2) Encrypted home - works but not quite as it should - see
      http://marc.info/?l=fedora-list&m=118391945718659&w=2

      [Aside - you'll need to fsck by hand for now ...]

   3) Encrypted Root -- does not work
       Seems mostly to be mkinitrd needs updating (see 
       https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789

       As wiki says - this root mount, to be robust, should probably be done 
by UUID  - that patch will need to find its way in as well.

       After its updated we can explore what works.


     4) Since root does not work this leaves /tmp and /var/tmp exposed. My 
solution is described here (basically i use the encrypted /home to house /tmp 
which is bind mounted over /tmp)

     http://marc.info/?l=fedora-list&m=118610981917894&w=2

  Hope this is helpful.

g


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]