Re: Linux distro w/loop-aes

You can review:
http://wiki.suspend2.net/EncryptedSwapAndRoot

On 4/4/07, markus reichelt <ml@xxxxxxxxxxxxx> wrote:
* Peter_22@xxxxxx wrote:

> To summarize it:
> - accessing loop-aes encrypted partitions/containers is possible
> with any newer Knoppix Live CD/DVD
> - setting up an entirely encrypted system (/) requires lots of hand
> work

Depends ... I'm in the process of writing an "idiots-guide"-like text
about setting up root encryption with loop-aes, providing both
commented example configs & precompiled initrds.

In a nutshell:

 - create a full install on a single root partition (not needed on a
   running system, obviously ;-)

 - create both a bootable USB stick and boot CDROM (always have a
   backup handy...)

 - test boot setup

 - adapt /etc/fstab & encrypt root partition via aespipe

I played around a bit with using the swap space (half a GB) for a
minimal install of an emergency system. This worked for me, but I
regard it as too bloated to include it in the draft. I'm thinking
along the lines of a busybox-like approach.


> As you asked for a USB-bootable solution I advise you to follow
> example 7.7 from loop-aes readme. This works even with SuSE and you
> can encrypt every bit of data on your drives. No bootpartition and
> no partition table will remain. Up to now I haven't seen an
> installer that supports encrypted installations.

The beauty of that example is that it can be used also on
non-encrypted root partitions... the system will just boot. Great to
test one's setup before actually encrypting root via aespipe.

And about that tweaked installer ... I discussed the issue with a
fellow slackware user some time ago. It's most certainly doable, but
right now I just lack the time to pursue that project.


So many ideas, so little time ...

--
left blank, right bald



-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

