on Wed, Apr 25, 2001 at 09:35:51AM -0600, Stefan Srdic (linuxbox@telusplanet.net) wrote: > I'm running kernel 2.4.3 on potato with Helix Gnome 1.2 (want to move to > Helix Gnome 1.4 but there server is always busy). > > Anyway, I've recently compile the Encrypted LoopBack Module from : > > http://lwn.net/2001/0419/a/filecrypto.php3 > > and was wondering if it was possible to use it to encrypt my root > partition which is formated as ReiserFS? > > The readme includes instructions on *creating* encrypted partitions and > filesystems but does not specify if it is possible to manipulate an > existing filesystem. > > Does anybody have any insight? No specific experience here, I've glanced at some of the encrypted FS docs but not implemented anything. Thoughts: - For "manipulating" (I assume you mean taking an existing ext2fs and converting it to encrypted), I'd look at a create new, copy data, delete old, cycle. - For booting: I'd look at initrd. You're going to have to have something loaded which knows what to do with an encrypted partition, and can figure out how to mount it. Note that I'd think a bit before encrypting my root filesystem. What are you gaining, from a security standpoint, that isn't possible by encrypting specific files within the root filesystem? What are you paying in system performance (and you're going to pay it every time, all the time). What do you have on your root FS that's worth encrypting anyway? My general understanding it that FS encryption makes sense for user and local data on the system, but not for general-purpose areas such as /bin, /sbin, /dev, /lib, most of /etc, and probably /root. You're going to save yourself a lot of work if you just stick to /home and/or user subdirectories. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpPkn2T6VTf_.pgp
Description: PGP signature