No _required_ reading that I have found. I've done a bit of google work to find details and read a bit of the LUKS pages (that's the main process for keys, I think). If you are doing a fresh install of Fedora9+ or Ubuntu 8+ (use the "special disk"??) it automagically works. F9 will set up LVM with /boot on a physical and the rest under an encrypted volume. This is good as / and swap are encrypted. So if the laptop suspends or hibernates, the drive key password is required to unlock it plus the user password. You can create multiple password "slots" that unlock the same partion encryption.<br>
<br><div class="gmail_quote">On Mon, Dec 1, 2008 at 5:29 PM, Scott Castaline <span dir="ltr"><<a href="mailto:hscast@charter.net">hscast@charter.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Jim Kinney wrote:<br>
> Can't encrypt the boot partition otherwise no kernel available to run<br>
> the decryption :-)<br>
<br>
</div>Figured that was the reason, not even sure why I even had any doubts to<br>
that.<br>
<div class="Ih2E3d">><br>
> I ran Fedora 8 with added drive encryption. No problem (the first<br>
> install was tedious but it all worked fine). I then up0graded that<br>
> laptop to Fedora 9. During the install it recognized the encrypted<br>
> drive, prompted for the password for the key, unlocked and upgraded<br>
> flawlessly (OK - So I had previously removed all the Livna repo<br>
> multimedia stuff to avoid headaches).<br>
><br>
> Later backed off personal data, wiped the drive and installed F9 from<br>
> scratch. No problems. Just reworked the machine from scratch with F10<br>
> 64-bit as I upgraded to 4GB ram. Once the bios patch went on the box has<br>
> performed well. No flawlessly - there are bugs in the suspend,<br>
> hibernate, power-management and the gnome session manager is rather<br>
> unstable (Grr!). But the disk encryption is has been so far rock solid.<br>
><br>
> Admin on a disk encryption is a bigger challenge. Must have a backup of<br>
> the keys and know the encryption scheme and also must know the password.<br>
> Current scheme allows multiple passwords so there can be an admin user<br>
> and other normal users. So normal users can boot the box without knowing<br>
> the admin password.<br>
><br>
</div>Any suggested reading material, something that isn't required reading<br>
for a CSE major? I'm from the hardware dungeon(s).<br>
<div class="Ih2E3d"><br>
> Disk encryption is/will-be a big thing to be comfortable working with.<br>
><br>
> On Sat, Nov 29, 2008 at 12:42 PM, Scott Castaline <<a href="mailto:hscast@charter.net">hscast@charter.net</a><br>
</div><div class="Ih2E3d">> <mailto:<a href="mailto:hscast@charter.net">hscast@charter.net</a>>> wrote:<br>
><br>
> Just want to get a feel for the pros and cons of encrypting my disk(s).<br>
> I just created a VM to install Fedora 10 before upgrading my system. I<br>
> chose to use the encryption option to see how it worked in the install<br>
> process and how it behaves once installed. I did notice that the boot<br>
> partition cannot be encrypted. Is this just a Fedora thing or is that<br>
> the encryption key is not present until the initial boot process is<br>
> completed? So what are the pros and the cons to this?<br>
><br>
> TIA<br>
> Scott<br>
> _______________________________________________<br>
> Ale mailing list<br>
</div>> <a href="mailto:Ale@ale.org">Ale@ale.org</a> <mailto:<a href="mailto:Ale@ale.org">Ale@ale.org</a>><br>
<div class="Ih2E3d">> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
><br>
><br>
><br>
><br>
> --<br>
> --<br>
> James P. Kinney III<br>
><br>
><br>
</div>> ------------------------------------------------------------------------<br>
<div><div></div><div class="Wj3C7c">><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III <br><br>