Simple question: How do I guarantee that not a single bit of my essential data is written non-crypted on my Linux (laptop-)box ? Swap is trivial - it just has to be encrypted :) and Jari has provided good-looking boot-scripts for that. Is loop-AES currently the only one managing swap ? Then root-filesystem. If I want simply the root-filesystem encrypted, what are my options ? Another solution that comes into my mind is mounting root etc. read-only. The problem arises with logging, i.e. /var. If I need it encrypted it seems to me that problem is quite analog to encrypting the whole root-filesystem. On the other hand I could use RAM-disk to avoid boot-time problems but then I have to use RAM-disk all the way, am I right ? For performance reasons I would prefer the read-only-like solutions. -- Antti Koskimaki Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
