Re: What about hard disk encryption at install time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Monday 20 August 2007, Kushal Das wrote:
> Hi all,
> What about hard disk encryption at install time ? (like opensuse). I know
> many of us is looking for this feature.

   It partly works but not out of the box. To be secure we need to have 
encrypted swap, home and root (including /tmp and /var/tmp). I assume 
everywhere dm-crypt and luks. Do not use fuse - its way too slow.

  1) Encrypted swap works (small error message but seems benign) - see
     http://marc.info/?l=fedora-list&m=118384694918234&w=2

   2) Encrypted home - works but not quite as it should - see
      http://marc.info/?l=fedora-list&m=118391945718659&w=2

      [Aside - you'll need to fsck by hand for now ...]

   3) Encrypted Root -- does not work
       Seems mostly to be mkinitrd needs updating (see 
       https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789

       As wiki says - this root mount, to be robust, should probably be done 
by UUID  - that patch will need to find its way in as well.

       After its updated we can explore what works.


     4) Since root does not work this leaves /tmp and /var/tmp exposed. My 
solution is described here (basically i use the encrypted /home to house /tmp 
which is bind mounted over /tmp)

     http://marc.info/?l=fedora-list&m=118610981917894&w=2

  Hope this is helpful.

g

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux