LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

March 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS March 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: encryption of root filesystem
From:	Boryeu Mao <[log in to unmask]>
Reply To:	Boryeu Mao <[log in to unmask]>
Date:	Thu, 13 Mar 2014 10:18:00 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

After following up on the suggestions (and thinking some more), I am
concluding that a bootable encrypted root filesystem is perhaps an
over-kill for my need to have in one iso image a complete copy of my
system (including the encrypted home) - the latter for example can be
stored in an encrypted loop-back file easily enough.

For bootable root filesystem, indeed it seems possible (e.g.
http://askubuntu.com/questions/95392/how-to-create-a-bootable-system-with-a-squashfs-root
), with the aid of live-boot and live-boot-initramfs-tools, etc.  For
myself though, for now this would be left a project for another day.
Help and suggestions were much appreciated.

On 3/10/14, Boryeu Mao <[log in to unmask]> wrote:
> I am running SL via 'livecd-iso-to-disk' from
> XL-65-x86_64-2014-02-06-LiveDVD.iso, with an encrypted home.  Although
> my overlay is fairly large, I don't know (yet) the rate at which it
> will grow but expect it to be full eventually, at which point the
> system would become un-bootable (as it is abundantly pointed out in
> the livecd-iso-do-disk man page).  In preparation for such an
> eventuality I made an iso of the system fashioned after the LiveDVD
> iso; for this iso image, it would be simpler not to treat the home
> directory separatly but to include it in the root filesystem, if that
> could be encryted, thus my query.
>
> Thanks all for the replies - I will try to followup the pointers and
> suggestions.
>
> Regards,
> Boryeu
>
> On 3/10/14, David Sommerseth <[log in to unmask]> wrote:
>> On 07/03/14 18:33, Boryeu Mao wrote:
>>> In building a bootable DVD image (in the manner of
>>> SL-65-x86_64-2014-02-06-LiveDVD.iso), is it possible to encrypt the
>>> system?  If so, should the file LiveOS/squashfs.img be encrypted, or
>>> the file ext3fs.img contained therein? and what other changes (for
>>> example in the boot configuration) would be needed?   Hopefully this
>>> is a question not outside of the design goals.  Thanks in advance for
>>> any help/pointers.
>>
>> I've never thought of this need.  I don't know if it's possible.  The
>> only thing which cannot be encrypted normally, is /boot.  Grub does not
>> support encryption, but as long as grub can load a kernel and initrd,
>> the root fs can pretty much be encrypted.  You just need to be sure the
>> initrd contains the needed tools to decrypt the file system (such as
>> cryptsetup and so on).  Dracut has fairly good encryption support these
>> days.  So it should be possible.
>>
>> I'm sorry I don't have any wise pointers right now.
>>
>>
>> --
>> kind regards,
>>
>> David Sommerseth
>>
>>
>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV