commence IT3 Stuart Blake Tener, USNR-R quotation:

> Well my thought was that if it is implemented on the EVMS level,
> then all filesystems (inclusive of swap) would be enabled for encryption
> by entering a keyword once upon boot up, and it would simplify the process
> of building the encryption. If it was part of EVMS, EVMS would handle
> it, and then a user could just make filesystems at will and all would be
> encrypted.
>
> Therein lies a second issue. For me to use DEVFS and ReiserFS I
> have a problem doing so with initrd being used (it is a bug I am trying
> to work through). If I can move loop-aes into the EVMS layer, then I no
> longer need initrd to have an encrypted root and/or swap. Thus, I can
> now use aes level encryption with ReiserFS and DEVFS and it can work.

You will always need *some* unencrypted storage to boot from in order
to initialise encrypted storage. If your whole system is stored on
encrypted partitions, how do you propose to load the kernel and the
program that reads your passphrases and feeds them to the encryption
layer? You need the initrd, whether it is loaded from a partition on
a hard disk or some other medium.

-- 
 /////////////////  |                  | The spark of a pin
<sneakums@zork.net> |  (require 'gnu)  | dropping, falling feather-like.
 \\\\\\\\\\\\\\\\\  |                  | There is too much noise.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/