Encryption

T_B T_B at sympatico.ca
Wed Feb 9 16:42:04 PST 2005


<pinotj at club-internet.fr> wrote in message
news:mnet1.1107947432.25842.pinotj at club-internet.fr...

Well, I didn't expect a lot of enthusiastic reactions about my last e-mail
but I would have been happy to get some comments about encrypting the swap.

Anyway, I did a patch for the book (r153) that I would like to share:
http://ngc891.blogdns.net/projects/hlfs/hlfs-loop-AES-1.diff

Jerome:  I have been experimenting with loop-AES as well with HLFS.
Initially I used the technique you describe, but after analyzing the swap
partition, I found that there are vast amounts of swap file structure within
the swap partition, even though the data is encrypted.  So I modified my
initrd scripts to allocate a random key for the swap partition, mount it and
then do a mkswap to /dev/loop<n>.  That way everything is fully encrypted
from one end of the partition to the other.

Also I have my other partitions encrypted as well, except for a small boot
partition that has the kernel, initrd.gz and grub directory.  The initrd
accesses a Sony Puppy USB device that requires my fingerprint to fetch the
keys needed to boot the system.  After booting, the USB device is removed.

So, there are others out here experimenting.

Regards
Bill
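
An added example (not part of the original thread) of the kind of check the observation above suggests: read the raw partition bytes and flag a plaintext swap header or pages with too little entropy to be ciphertext. The function names, the 4096-byte page size, the 7.5 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import math
import os

PAGE = 4096                            # assumed page size
SIGS = (b"SWAPSPACE2", b"SWAP-SPACE")  # Linux swap magic: last 10 bytes of page 0

def has_swap_signature(raw: bytes, page: int = PAGE) -> bool:
    """True if the raw bytes carry a plaintext swap header in the first page."""
    return len(raw) >= page and raw[page - 10:page] in SIGS

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext should sit close to 8."""
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def low_entropy_pages(raw: bytes, page: int = PAGE, threshold: float = 7.5):
    """Indexes of whole pages whose entropy is too low to be ciphertext."""
    return [i // page for i in range(0, len(raw) - page + 1, page)
            if entropy(raw[i:i + page]) < threshold]

def audit(raw: bytes) -> dict:
    """Summarise what an observer reading the raw partition could see."""
    return {"swap_signature": has_swap_signature(raw),
            "low_entropy_pages": low_entropy_pages(raw)}

def sample_plain_header(pages: int = 4) -> bytes:
    """Constructed image: first page is a plaintext swap header, rest random."""
    header = bytearray(PAGE)
    header[PAGE - 10:] = b"SWAPSPACE2"
    return bytes(header) + os.urandom(PAGE * (pages - 1))

def sample_fully_encrypted(pages: int = 4) -> bytes:
    """Constructed image: every page is ciphertext, modelled by random bytes."""
    return os.urandom(PAGE * pages)

if __name__ == "__main__":
    print("plain header   :", audit(sample_plain_header()))
    print("fully encrypted:", audit(sample_fully_encrypted()))
```

To audit a real partition, pass `audit()` bytes read from the underlying block device (not the loop device) while it is not in use as swap.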




