Has there been any updates to support encrypting the whole disk in 5.2?
If not, Is anyone doing this and can point me to some good documentation?
Thanks
Dean
I think TrueCrypt (www.truecrypt.org) will do this.
On 4 Aug, 2008, at 8:51 AM, Plant, Dean wrote:
Has there been any updates to support encrypting the whole disk in 5.2?
If not, Is anyone doing this and can point me to some good documentation?
Thanks
Dean _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Monday 04 August 2008, Plant, Dean wrote:
Has there been any updates to support encrypting the whole disk in 5.2?
As for booting from an encrypted root-filesystem I don't know. But any normal filesystem or swap can be encrypted with the normal linux blockdevice encryption functionality (dm-crypt). See the pkg cryptsetup-luks.
/Peter
On Mon, 2008-08-04 at 16:51 +0100, Plant, Dean wrote:
Has there been any updates to support encrypting the whole disk in 5.2?
There hasn't been any built-in support until Fedora 9, so perhaps at the earliest it would be 5.3 if at all. There are however, ways you can implement it yourself. The biggest things you have to keep in mind are that you need to make a change to the mkinitrd script and then generate a new initrd image to be able to encrypt /, otherwise you could just modify init.
There are a number of websites that have some docs on how to do it, here is just one that I've seen in the past:
http://www.tummy.com/Community/Articles/cryptoroot-f8/
--Tim
Timothy Selivanow wrote:
On Mon, 2008-08-04 at 16:51 +0100, Plant, Dean wrote:
Has there been any updates to support encrypting the whole disk in 5.2?
There hasn't been any built-in support until Fedora 9, so perhaps at the earliest it would be 5.3 if at all. There are however, ways you can implement it yourself. The biggest things you have to keep in mind are that you need to make a change to the mkinitrd script and then generate a new initrd image to be able to encrypt /, otherwise you could just modify init.
There are a number of websites that have some docs on how to do it, here is just one that I've seen in the past:
Thank you to everyone who replied.
Tim,
Thanks for the above link. Those instructions work fine on v5.2. You have to manually edit /sbin/mkinitrd but the changes are obvious enough from their patch file. Not quite whole disk encryption but a good compromise.
Now just need to put this in a kickstart file to try and automate the setup.
Thanks
Dean
-
Chris Brentano -
Peter Kjellstrom -
Plant, Dean -
Timothy Selivanow