encrypted root filesystem

Christophe Devine devine at iie.cnam.fr
Tue Feb 24 07:15:45 PST 2004


Robert Connolly <cendres at videotron.ca> wrote:

> The Encrypted-Root-Filesystem-HOWTO doesn't encrypted the partition table. Is 
> it worth booting off other media just to encrypt the disc end to end? I think 
> encrypting the whole disc also means the whole disc would have the same key. 
> Swap partitions should use random keys.

This is possible. Just create an encrypted (for example, ext3) filesystem on
whole /dev/hda: thus every sector on the disk will be encrypted. Mount it as
/ using a bootable CD, then you can create a large file inside / and use it
as a swap. *However* there are some performance issues when the swap is not
located inside its own (preferably encrypted) partition.

To achieve this you'll need another HD (say, hdb) where the temporaty host
system will live.




More information about the hlfs-dev mailing list