I'm not sure if this is helpful to anyone else and I can't decide if it's mildly clever or just a stupid pet trick, really. I recently decided to reinstall my work laptop with centos. as part of the install I used an 8g sandisk USB drive; it's roughly the size of a wireless mouse receiver. I put /boot, / and /usr on the USB drive, set encrypted partitions for swap, /home, /opt, /var and put them as well as the boot loader the internal drive. so now the USB drive is quite literally acting like a 'key' for whole laptop. with no drive, the laptop comes up to an error like 'No OS found' or something of the like.
anyway, not sure anyone else will find it useful, helpful, interesting or anything else, but I felt like sharing, I guess.
--On Thursday, May 29, 2014 12:43:16 PM -0400 zep zgreenfelder@gmail.com wrote:
I'm not sure if this is helpful to anyone else and I can't decide if it's mildly clever or just a stupid pet trick, really.
[...]
I put /boot, / and /usr on the USB drive, set encrypted partitions for swap, /home, /opt, /var and put them as well as the boot loader the internal drive. so now the USB drive is quite literally acting like a 'key' for whole laptop.
You may find this of interest in that case: http://www.gno.org/~gdr/sysadmin/centos/6/usb-crypto-key.html That configuration has the benefit that if you don't have the USB key, it does a fail-safe fallback to asking for a crypto passphrase.
Devin