[dundee] Whole Disk Encryption?
Sean McRobbie
lug at seany.us
Fri Jan 30 14:35:12 UTC 2009
Hi Lee,
Check out http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root#Encrypt_using_a_key-file
Have successfully used this to automatically unlock a device at boot after we decided we couldn't be arsed to plug in a keyboard and type the passphrase 'a' at each boot.
For more information, look into LUKS / dm-crypt
If you run into any problems (I'm sure I ran into a few) I'll try and help the best I can.
Regards,
Sean McRobbie
----- Original Message -----
From: "Lee Hughes" <toxicnaan at yahoo.co.uk>
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Sent: Friday, 30 January, 2009 11:49:10 GMT +00:00 GMT Britain, Ireland, Portugal
Subject: [dundee] Whole Disk Encryption?
Can anyone help me with this....
I'm looking for a linux disk encrytion system, open source or otherwise that can
protect a machines disks.... Trouble is, this machine is remote , so I need a faily secure way of keeping the key with the machine. I.e. Stored in somesort of secure dongle?
Can a TPM chip store keys, if so, how?
I know most people will tell me to store the key somewhere else, or ask for pass phrase
at boot, but for a remote server, this is not possible. it's not connected to the internet either,
just to make it harder for me!!!
I think my only sane option is to store the key 'somewhere' in the machine, and
extract that during boot.
it has to be fairly secure , but not ultra secure.... enough to keep people like Kris out ;-)
what are my options, luks?
Cheers,
Lee
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
More information about the dundee
mailing list