
Re: Creating an encrypted root filesystem.



on Wed, Apr 25, 2001 at 09:35:51AM -0600, Stefan Srdic (linuxbox@telusplanet.net) wrote:
> I'm running kernel 2.4.3 on potato with Helix Gnome 1.2 (want to move to
> Helix Gnome 1.4 but their server is always busy).
> 
> Anyway, I've recently compiled the Encrypted LoopBack Module from:
> 
> http://lwn.net/2001/0419/a/filecrypto.php3
> 
> and was wondering if it was possible to use it to encrypt my root
> partition which is formatted as ReiserFS?
> 
> The readme includes instructions on *creating* encrypted partitions and
> filesystems but does not specify if it is possible to manipulate an
> existing filesystem.
> 
> Does anybody have any insight?

No specific experience here, I've glanced at some of the encrypted FS
docs but not implemented anything.  Thoughts:

  - For "manipulating" (I assume you mean taking an existing ext2fs and
    converting it to encrypted), I'd look at a create new, copy data,
    delete old, cycle.

  - For booting:  I'd look at initrd.

    You're going to have to have something loaded which knows what to do
    with an encrypted partition, and can figure out how to mount it.

Note that I'd think a bit before encrypting my root filesystem.  What are
you gaining, from a security standpoint, that isn't possible by
encrypting specific files within the root filesystem?  What are you
paying in system performance (and you're going to pay it every time, all
the time)?  What do you have on your root FS that's worth encrypting
anyway?

My general understanding is that FS encryption makes sense for user and
local data on the system, but not for general-purpose areas such as
/bin, /sbin, /dev, /lib, most of /etc, and probably /root.  You're going
to save yourself a lot of work if you just stick to /home and/or user
subdirectories.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
