[dm-crypt] FYI: how to (really) cleanly shutdown the system when root is on multiple stacked block devices

markus reichelt ml at mareichelt.com
Fri Jul 2 20:48:54 CEST 2010


* Milan Broz <mbroz at redhat.com> wrote:

> On 06/27/2010 02:20 AM, markus reichelt wrote:
> >* Arno Wagner<arno at wagner.name>  wrote:
> >
> >>Hmm. You know, encrypted root is a problem and pretty difficult
> >>to do in the rfirt place. Why not just encrypt the critical
> >>parts, like /var /home /root? The rest only holds binaries and
> >>config files anyways, which are not that sensitive...
> >
> >Are you serious?
> 
> Usually encrypting everything is better, otherwise we add many
> problems here.

I phrased the question badly. My point is: Leaving /etc in plain but
encrypting /home (at least) leaves you wide wide open these days to
identity theft; wpa_supplicant and related foo, openvpn, ssh host
keys, ... just to name a few. That's what I was after.

-- 
left blank, right bald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100702/df15e2ef/attachment.asc>


More information about the dm-crypt mailing list