Re: Linux distro w/loop-aes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Peter_22@xxxxxx wrote:

> To summarize it:
> - accessing loop-aes encrypted partitions/containers is possible
> with any newer Knoppix Live CD/DVD
> - setting up an entirely encrypted system (/) requires lots of hand
> work

Depends ... I'm in the process of writing an "idiots-guide"-like text
about setting up root encryption with loop-aes, providing both
commented example configs & precompiled initrds.

In a nutshell:

 - create a full install on a single root partition (not needed on a
   running system, obviously ;-)

 - create both a bootable USB stick and boot CDROM (always have a
   backup handy...)

 - test boot setup 

 - adapt /etc/fstab & encrypt root partition via aespipe

I played around a bit with using the swap space (half a GB) for a
minimal install of an emergency system. This worked for me, but I
regard it as too bloated to include it in the draft. I'm thinking
along the lines of a busybox-like approach.

 
> As you asked for an USB-bootable solution I advise you to follow
> example 7.7 from loop-aes readme. This works even with SuSE and you
> can encrypt every bit of data on you drives. No bootpartition and
> no partition table will remain. Up to now I haven?t seen an
> installer that supports encrypted installations.

The beauty of that example is that it can be used also on
non-ecrypted root partitions... the system will just boot. Great to
test one's setup before actually encrypting root via aespipe.

And about that tweaked installer ... I discussed the issue with a
fellow slackware user some time ago. It's most certainly doable, but
right now I just lack the time to pursue that project. 


So many ideas, so little time ...

-- 
left blank, right bald

Attachment: pgpTSgmS9nPPL.pgp
Description: PGP signature


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux