Hi IT3 Stuart Blake Tener, USN, On Fri, May 04, 2007 at 07:47:25PM -0400, IT3 Stuart Blake Tener, USN wrote: > Predicated upon a congress of users whom would exemplify such thought in > their choice for an OS alternative to Windows, or in order to provide a less > costly support driven alternative to other Linux based OS distributions, the > fact that they are driven by this modicum of thought does not and should not > otherwise limit their ability to choose to assert a posture whereby the disk > is fully encrypted from the moment installation reaches finalization. I agree. Full disk encryption is something I like to see available during installation of Linux distributions, and easy enough to use that non-technical users can choose to use strong encryption for their data without having to dive into the technical details. > Is there some reason why kernels could not be built on the fly during > the course of installation capable of supporting the mixture of options that > a user would otherwise build in when rolling their own kernel post install > time? > > Additionally, the provisioning of multiple choice kernels onto the > distribution media would provide the user's a choice of options neither > impossible, nor unattractive in being able to engage loop-aes as a potential > encryption software. It seems to me like building kernels during installation could prove rather complex and might be error prone. Fortunately, for loop-AES this is not required. Most distribution kernels include the standard kernel loop driver as module so that it can be "overridden" by the loop-AES version without recompile of the kernel. This is ignoring the merit of building the kernel during install to cater for different needs of users. This could be an interesting feature, albeit difficult to implement. I tend to think that this is becoming less important with the flexibility of current distribution kernels and more powerful early userspace (initramfs), but that's just my impression :-) cheers, Max -- PS: Sorry for the very late reply. :-( - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
