Am 5. November 2010 14:48 schrieb Christoph Anton Mitterer <christoph.anton.mitterer@xxxxxxxxxxxxxxxxxxxxxx>: > On Thu, 2010-11-04 at 06:31 +0100, Jean-Michel Pouré - GOOZE wrote: >> I would like to encrypt a whole system using dm-crypt. The problem is >> that I have to run pcsc prior to mounting partitions. But then pcsc will >> need access to libraries, which need to be on a mounted partition. >> >> Is there a way around? > > Simply include all required stuff (binaries libraries, etc) in the > initramfs image. > > The (actually booting) kernel and initramfs image need to be unencrypted > anyways. > two additional ideas to make it more secure: 1. You can put your initramfs image ona usb stick to have it even more secure. 2. A script on a encrypted root partition could compare (upon decryption) md5 checksum of initramfs with the saved md5 checksum (with md5sum) and show alert message if sums do not match. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
