Re: To make unreadable a functional system.

[Sthu Deus <sthu.deus@gmail.com>]

Thank You for Your time and answer, Mike:

> As Eduardo wrote, "running" and "reading" are the same thing here.
> Entering the password makes decryption by the OS possible.  Without
> the password, the OS can't even read the partition, so it can't run.
> And once you have the password to decrypt a partition, you can remove
> the disk and decrypt it on another machine where you have root
> privileges, gaining access to all the files in the (decrypted) disk.

That's I've got from Eduardo's answer too. Yet thanks again for Your
explanation.

Let's try to look at the problem at another a bit angle - Is it
possible to save the encryption pass in a loader - like grub2 or some
other program standing somewhere in the boot process?

> I suspect that you're making an analogy to the BIOS, where there's
> separate supervisor and user passwords, with different permission
> levels.  That analogy doesn't apply here.

No. I just saw that (years ago, on a linux) in one commercial product -
they had an image of a functioning system that they passed to an
unprivileged person - the person could use it, but files were encrypted
- so usage was possible, while as to read the files of the OS -
impossible.