Gabriel Jägenstedt <gabriel.j@xxxxxxxxx> wrote: > Another question. > Is it a simple thing to add an extra layer of encryption or so after > you've encrypted your drive? Or should this be planned for in advance? So far I didn´t set up encrypted root with more than 1 layer. I made a successfull test with another harddisk and 2 layers some time ago. It works but you will use as much keys as you use layers and you will have to build the modules for additions ciphers. For multilayer encrypted root you have to load these modules from usb-stick before booting the pc! So I suggest you get the thing with the usb-stick done first. Then Jari might give us detailed info on how to build an initrd that loads several modules and mounts encrypted root. About booting from USB-Sticks: Not all mainboard BIOSes support that kind of gimmick. Not all manufacturers guarantee you that their sticks can be booted from. Using syslinux is the easiest way to get it done. You don´t need to configure something. Just type syslinux /dev/sda and your done. If you insist on grub or else, please go here and read: http://spblinux.ch.vu/ In case you are successfull with Grub on usb-sticks I´d like to hear from you about that! In case you never compiled a kernel I´d propose you try Linux Suse and the standard kernel. Only make those changes mentioned in loop-aes readme. And don´t start with thinking about several layers of encryption. The examples of the loop-aes readme can be combined. You start with the distro of your choice and encrypt more and more parts of it. Step by step, as much as you deem usefull. In case you find any other software that boots a PC with no partition table on installed disks, please let me know. Regards, Peter -- Handyrechnung zu hoch? Tipp: SMS und MMS mit GMX Seien Sie so frei: Alle Infos unter http://www.gmx.net/de/go/freesms - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
