On Tue, Jul 06, 2004 at 10:18:02AM +1000, Russell Coker wrote:
> On Tue, 6 Jul 2004 05:12, Alan Cox <alan@xxxxxxxxxx> wrote:
> > /boot on the other hand cannot be encrypted usefully without hardware
> > key systems because then you cannot boot off it.
>
> For a really secure system you have to boot from removable or read-only media.

It depends on the problem you wish to solve.

Problem 1 is the "stolen laptop" problem. You want to be sure they can't get
the data off it.

Problem 2 is the "if someone takes it and puts it back" problem. You can't
solve this because I can flash you a new BIOS with alternative APM hooks
or similar. And - ironically - it's easier to patch a BIOS and reflash it
than to do many of the fancier kernel hacking tricks.