Stealth crypto

Hi,

First of all - I'm a bit confused about the options. As far as I can
gather, there are
1. Kernel's cryptoloop
2. Kernel's dm-crypt
3. Jari Ruusu's (or documented by him?) cryptoloop

Out of these, 1 is clearly bad (documentation of all three says that it
is). However, dm-crypt's documentation does not mention #3 and #3's
documentation does not mention dm-crypt. So, what's the deal between
these?

Now to my actual problem. I want to crypt my entire hard disks. No,
not every partition of them, but everything, including the MBR (I
intend to boot from USB). This option is not even mentioned in the
documentation of either framework. Obviously I would have initrd-based
system for asking the passphrases and setting the decryption. However,
I'd like to automate this process as far as possible - and for this, I
need to make the kernel read the decrypted devices as hard disks (i.e.
look for partition tables, RAID arrays, etc). Any pointers to get
going with this? I have a faint memory of the device mapper supporting
this, but I am unable to find any information about it.

Of course, this does not work if the crypto system still writes
unencrypted headers on the disk. Cryptoloop doesn't seem to be writing
any extra data, but I didn't check out if dm-crypt (with LUKS or not)
does.

Before you ask why - hiding the information that is inside is often
good enough, but it is much better if the disks look as if there was
only random garbage in them. Then no-one can prove that they are
encrypted and that may help avoid trouble.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


