On Mon, 16 Aug 2004 01:03:17 +1000, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> The aim of this work is to have a system that boots from removable media and
> uses encryption for all block devices so that if it is stolen no data will be
> lost and so someone who gets temporary access to the hardware will have a
> much more difficult time of trying to crack it.

If the goal is for an encrypted filesystem - why not just have a script interface early on in the boot process to prompt for a password for the encrypted file system - in order to mount the encrypted ones? Or maybe a boot option grub could pass to the kernel to unencrypt the partitions to mount? This is a concept - I know that a boot option would be plaintext after the system booted, and you would not want to save it in your grub config plaintext either.

In your design would you rely on physical security (not to lose the USB key), the H.D. being encrypted, and UNIX security of the password - or is there a pin/password similar to smart card and pin involved during boot (multi-factor authentication)?

I like the idea!

--Josiah