Bodo Staron wrote:
>
> Then you connect, for example, by SSH, you see a prompt, enter
> the password and the server boots through.

you will need a mini-root (initrd with network & sshd started?) to allow you remote access to this box. after the key is available (unlocked by your interaction) booting would continue and mount the encrypted root partition.

> Would be nice to know if anyone was successful doing that. Reason for
> that would be, Server is in a server center somewhere, hard to reach.

what's the point in encrypting the root partition anyway? i know, this issue comes up every now and then but i for one don't give a *** about my root-partition. /bin, /usr and /lib are no secrets (everyone can imagine what's in there...) and i wonder what's so secret in /etc (except perhaps /etc/shadow) that someone has to encrypt it. even when it is secret, i doubt it can't be loaded *after* the system is up and running and mounting crypto devices is available (and thus links from /etc/my_secret to /sec should be there).

i even see 2 disadvantages in having an encrypted root:

- nasty chicken-and-egg problems as shown by the OP
- speed decrease in fs access (well, at least on my 500MHz system this is still an issue)

Christian
(*not* intending to start some (f)lame war)
--
BOFH excuse #428: Firmware update in the coffee machine

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/