[Gllug] Secure filing system?
John Edwards
john at cornerstonelinux.co.uk
Mon Feb 14 01:05:33 UTC 2011
On Mon, Feb 14, 2011 at 12:31:48AM +0000, Rob Crowther wrote:
> On 13/02/11 19:48, John Edwards wrote:
>> it encrypts file systems. And you need a boot filesystem that
>> is unencrypted.
>
> To drag this back to Linux for a second - this is exactly how drive
> encryption works on my Fedora box. You need an unencrypted boot
> filesystem so that you can load the kernel driver that's capable of
> decrypting the other filesystems - how else can it work?
Pre-boot authentication is the first thing that comes to mind:
http://en.wikipedia.org/wiki/Pre-boot_authentication
Though I'm not aware of any way of doing this in Linux without either
having a separate unencrypted /boot somewhere (eg read-only flash) or
doing the encryption in hardware (which doesn't really count).
Anyway, the point I was trying to make is that what Microsoft people
call a "drive" is different to the rest of the computing world (see
also "domain").
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 205 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20110214/a4879af6/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list