Re: Encrypting root partition

[Dale Amon <amon@vnl.com>]

On Sat, May 04, 2002 at 12:52:58AM -0400, Eric wrote:
> Am I missing something here?  Is there any way to securely encrypt the root
> partition?

I think you are missing something. If a machine can boot autonomously,
then there is no password or a password available in plaintext. Therefore
if the machine is stolen, all pieces are available.

The only angle I can think of is a boot rom tied to the normal
boot process that does a secure public key exchange over the 
local ethernet. That moves the problem one level back, to a 
local key server.

That's a bit of a tall order to impliment, but it would probably 
work, so long as you knew the machine was stolen and were able 
to block any further key exchange.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/