* Peter_22@xxxxxx wrote:
> To summarize it:
> - accessing loop-aes encrypted partitions/containers is possible
> with any newer Knoppix Live CD/DVD
> - setting up an entirely encrypted system (/) requires lots of hand
> work
Depends ... I'm in the process of writing an "idiots-guide"-like text
about setting up root encryption with loop-aes, providing both
commented example configs & precompiled initrds.
In a nutshell:
- create a full install on a single root partition (not needed on a
running system, obviously ;-)
- create both a bootable USB stick and boot CDROM (always have a
backup handy...)
- test boot setup
- adapt /etc/fstab & encrypt root partition via aespipe
I played around a bit with using the swap space (half a GB) for a
minimal install of an emergency system. This worked for me, but I
regard it as too bloated to include it in the draft. I'm thinking
along the lines of a busybox-like approach.
> As you asked for an USB-bootable solution I advise you to follow
> example 7.7 from loop-aes readme. This works even with SuSE and you
> can encrypt every bit of data on you drives. No bootpartition and
> no partition table will remain. Up to now I haven?t seen an
> installer that supports encrypted installations.
The beauty of that example is that it can be used also on
non-ecrypted root partitions... the system will just boot. Great to
test one's setup before actually encrypting root via aespipe.
And about that tweaked installer ... I discussed the issue with a
fellow slackware user some time ago. It's most certainly doable, but
right now I just lack the time to pursue that project.
So many ideas, so little time ...
--
left blank, right bald