Thanks Alexander for the link, I think Michael might be right, as far as, having a "nice user" setup for FULL disk encryption may be a way off yet! I'll stick to mounting volumes when I need them! ;o)

On Wed, 22 Sep 2004 11:01:09 +1000, Michael Hart <mixstat@xxxxxxxxxxxxxx> wrote:
> Alexander Dalloz wrote:
> > On Mon, 20.09.2004 at 0:39, Dalibor Malek wrote:
> >
> >>Is it possible to somehow encrypt the whole hard disk in a manner that
> >>the whole system, copying (from my scripts) and so on have full access,
> >>but if someone wants to connect to the machine this is not granted
> >>except he knows the right password (I know this is already done with
> >>ssh1), but also if someone opens a terminal he must give in the
> >>password to access all files.
> >
> > I do not understand this part of your posting. Besides ssh1 is obsolete
> > and you should always use ssh protocol 2, Linux always requires
> > authentication for a login process. Someone who is able to open up a
> > terminal has already authenticated. Or what case do you mean?
> >
> >>The same should be if someone wants to copy the hard disk, only if he
> >>knows the password he can succeed else the only thing he gets is garbage.
> >>Is there something like that?
> >
> > The kernel 2.6 meanwhile has encryption modules by default, so does the
> > Fedora Core 2 kernel. Recently on the developer list was a discussion
> > about how to use this with device-mapper to have a totally encrypted
> > system.
>
> I have a couple of partitions encrypted with device mapper and the 2.6
> kernel encrypting file system. I may be wrong but I do not think it can
> encrypt an entire hard disk but only the individual partitions in the
> hard disk. The partition information is still not encrypted. It
> appears to be to me (as a mere user) simply an encryption layer
> underneath a normal file system.
>
> As such I do not think it encrypts the swap partition (which is a
> potential security flaw) and I don't know how to get it to encrypt the
> boot partition (as the boot image needs to be readable to load then it
> needs to be able to decrypt the other file systems).
>
> In my situation I am not overly concerned about these deficiencies. In
> fact I do not want to encrypt the OS in case I need to boot from the
> repair disk and fix the OS. However, if there are any pointers how to
> overcome the deficiencies I would be interested in reading them.
>
> As far as I can tell you need to be superuser to run dm-crypt and mount
> the resulting filesystems. This means once this is done the data on
> those filesystems is available for all users with sufficient
> permissions. This is not what the OP wanted as far as I can interpret.
> They want it to only be available for one user and hidden from all
> other users.
>
> >>Dalibor Malek
> >
> > Alexander