> - encrypted swap

This shouldn't be too hard. There are a lot of scripts out there that do this. The only issue is the timing of things. Generally, encrypted swap needs to be initialized after the RNG entropy pool. As mentioned before, this is probably a prerequisite to all of the other encryption features.

> - encrypted file system partitions or logical volumes

I am working on implementing encrypted root filesystem support to mkinitrd. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 for more information and a patch.

> - user owned encrypted storage (encrypted loop devices, can substitute
> encrypted directories to a certain degree)

This can be implemented pretty nicely using pam_mount (http://www.flyn.org/projects/pam_mount/index.html) because pam_mount can unlock filesystems at login time using a user's system authentication token. An article I wrote for the Linux Journal on the subject of encrypted home directories is available at http://www.flyn.org/docs/ehd.pdf. Note that there have been some changes to pam_mount since the article's publication last year.

There is also an active bug that asks for encrypted filesystem support in general: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56698.

--
Mike