(Sorry if this comes late, but I had trouble getting through the list's spam filters.) Sthu Deus: > > Can I make separate passwords (if one is necessary to boot) - for > accessing the FS and for just booting? It appears you don't really understand how filesystem encryption (usually) works. Let my try to explain. A "normal" system uses the following layers of abstraction: A filesystem sits on a partition which is part of a hard disk. When encryption comes into play, it looks like the following: Filesystem Encryption layer (like dm-crypt, what the Debian Installer uses) Partition Hard disk (I intentionally left out other abstraction layers like RAID and LVM.) What follows is that the complete filesystem is unavailable to the operating system until someone unlocks the encryption layer. The filesystem itself is completely unaware of the whole process and there's no way to give users different permissions concerning the encryption layer. Either the filesystem is readable (and therefore mountable), or it's not. (Sidenote: when using LUKS it is possible to give [and revoke] different passwords to different users which all can be used to unlock access to the filesystem.) What should be clear by now as well: you cannot encrypt a filesystem retroactively, because technically the filesystem isn't encrypted at all. Encryption is just another layer between the filesystem and the physical device. If you want your data to be encrypted, you have to remove the filesystem, add the encryption layer and recreate the filesystem on top of it. J. -- If I was a supermodel I would give all my cocaine to the socially excluded. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature