[ale] Pros & cons on encrypting disks
Scott Castaline
hscast at charter.net
Mon Dec 1 17:29:50 EST 2008
Jim Kinney wrote:
> Can't encrypt the boot partition otherwise no kernel available to run
> the decryption :-)
Figured that was the reason, not even sure why I even had any doubts to
that.
>
> I ran Fedora 8 with added drive encryption. No problem (the first
> install was tedious but it all worked fine). I then up0graded that
> laptop to Fedora 9. During the install it recognized the encrypted
> drive, prompted for the password for the key, unlocked and upgraded
> flawlessly (OK - So I had previously removed all the Livna repo
> multimedia stuff to avoid headaches).
>
> Later backed off personal data, wiped the drive and installed F9 from
> scratch. No problems. Just reworked the machine from scratch with F10
> 64-bit as I upgraded to 4GB ram. Once the bios patch went on the box has
> performed well. No flawlessly - there are bugs in the suspend,
> hibernate, power-management and the gnome session manager is rather
> unstable (Grr!). But the disk encryption is has been so far rock solid.
>
> Admin on a disk encryption is a bigger challenge. Must have a backup of
> the keys and know the encryption scheme and also must know the password.
> Current scheme allows multiple passwords so there can be an admin user
> and other normal users. So normal users can boot the box without knowing
> the admin password.
>
Any suggested reading material, something that isn't required reading
for a CSE major? I'm from the hardware dungeon(s).
> Disk encryption is/will-be a big thing to be comfortable working with.
>
> On Sat, Nov 29, 2008 at 12:42 PM, Scott Castaline <hscast at charter.net
> <mailto:hscast at charter.net>> wrote:
>
> Just want to get a feel for the pros and cons of encrypting my disk(s).
> I just created a VM to install Fedora 10 before upgrading my system. I
> chose to use the encryption option to see how it worked in the install
> process and how it behaves once installed. I did notice that the boot
> partition cannot be encrypted. Is this just a Fedora thing or is that
> the encryption key is not present until the initial boot process is
> completed? So what are the pros and the cons to this?
>
> TIA
> Scott
> _______________________________________________
> Ale mailing list
> Ale at ale.org <mailto:Ale at ale.org>
> http://mail.ale.org/mailman/listinfo/ale
>
>
>
>
> --
> --
> James P. Kinney III
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list