Root filesystem encryption update

[n0dalus]

On 6/19/07, Bruno Wolff III <bruno at wolff.to> wrote:
>
> I think waiting for a complete solution is not the way to proceed. There are
> several different steps involved with the solution. If some of the steps
> have workable solutions, getting them included in the distribution will
> help get them tested and allow other people to build upon the previous work.
> It might be hard to recruit people to do some of the things that will be
> eventually needed until there is some base functionallity for them to play
> with.
>
> You don't have to advertise full disk encryption for the masses as soon as
> there is some support for booting with an encrypted root partition.
>

Does full disk encryption have many advantages over directory-based
encryption? It seems like a lot less pain to be able to boot into X
and just have important directories encrypted.

One problem I see in both approaches is access control. Many computers
are used by more than one person, and instead of giving everyone the
one password (and having to change it whenever someone leaves the pool
of trusted people), it might be better to make sure these methods use
username/password combos which can be added and revoked.

n0dalus.