Re: Linux distro w/loop-aes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi IT3 Stuart Blake Tener, USN,

On Fri, May 04, 2007 at 07:47:25PM -0400, IT3 Stuart Blake Tener, USN wrote:
>     Predicated upon a congress of users whom would exemplify such thought in
> their choice for an OS alternative to Windows, or in order to provide a less
> costly support driven alternative to other Linux based OS distributions, the
> fact that they are driven by this modicum of thought does not and should not
> otherwise limit their ability to choose to assert a posture whereby the disk
> is fully encrypted from the moment installation reaches finalization.

I agree. Full disk encryption is something I like to see available
during installation of Linux distributions, and easy enough to use that
non-technical users can choose to use strong encryption for their data
without having to dive into the technical details.

>     Is there some reason why kernels could not be built on the fly during
> the course of installation capable of supporting the mixture of options that
> a user would otherwise build in when rolling their own kernel post install
> time?
>
>     Additionally, the provisioning of multiple choice kernels onto the
> distribution media would provide the user's a choice of options neither
> impossible, nor unattractive in being able to engage loop-aes as a potential
> encryption software.

It seems to me like building kernels during installation could prove
rather complex and might be error prone. Fortunately, for loop-AES this
is not required. Most distribution kernels include the standard kernel
loop driver as module so that it can be "overridden" by the loop-AES
version without recompile of the kernel.

This is ignoring the merit of building the kernel during install to
cater for different needs of users. This could be an interesting 
feature, albeit difficult to implement. I tend to think that this is
becoming less important with the flexibility of current distribution
kernels and more powerful early userspace (initramfs), but that's 
just my impression :-)

cheers,
Max

-- 
PS: Sorry for the very late reply. :-(

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux