Fun path! Look at ditching the F11 (outdated!) and jump to F13 and install using the drive encryption option. It will require a password to decrypt the LVM containing / and swap (and /home, /var, etc).<br><br>TrueCrypt is a multi-platform partition/file/drive encryption tool that will allow a shared partition to be a data swap area between the F13 and the windows. It can (I'm 90% certain) also encrypt the windows partition as well.<br>
<br>Doing the XP in a VM may be the easiest way to do all of this - F13 with full drive encryption and no access to the drive contents even if removed.<br><br>The unlock keys can be handled with either a password prompt _or_ with an external device and password prompt. The LUKS (method used for drive encryption) supports multiple password slots (up to 10) so a multiuser laptop can have individual passwords plus a master key.<br>
<br><div class="gmail_quote">On Thu, Jul 15, 2010 at 10:03 AM, John Mills <span dir="ltr"><<a href="mailto:johnmills@speakeasy.net">johnmills@speakeasy.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
ALErs -<br>
<br>
I would like to learn about encrypted Linux and dual-boot installations<br>
and would appreciate pointers to HOW-TOs, guides, and other sources of<br>
background.<br>
<br>
OBJECTIVE: protect data on the disk from non-authorized users, even if the<br>
disk is removed to another machine.<br>
<br>
Specifically I have a laptop computer that currently dual-boots WinXP and<br>
FC11. There is also a VFAT disk partition shared by both the OS. The WinXP<br>
installation has separate NTFS partitions for the OS files and user files,<br>
but I assume that separation is not 100% clean due to applications that<br>
may cache data in system directories or their installation directories.<br>
<br>
Primary requirements:<br>
<br>
1. Encrypt Win and Linux partitions in some mutually compatible way.<br>
<br>
2. Provide multiple pass-phrases (at least one user and one administrator)<br>
which could be later updated.<br>
<br>
Desired features:<br>
<br>
1. Migrate my current installations, but I could pass through an external<br>
backup drive for this. (I may abandon Linux migration if I decide to<br>
change or upgrade my Linux distribution.)<br>
<br>
2. Somehow provide for Windows upgrades. (I take Linux upgrades for<br>
granted - is that reasonable?)<br>
<br>
4. Use GPG for [at least] key management.<br>
<br>
Open questions:<br>
<br>
1. I would prefer not to use, but could accept boot authorization by means<br>
of a separate gadget, i.e., a USB memory device.<br>
<br>
2. I don't know if I care about encrypting the boot sector or the separate<br>
Linux boot partion, but that would be fine if it handled authorization<br>
and dual-boot cleanly. (I would then stay with existing password<br>
authorization once booted.)<br>
<br>
3. If necessary I believe I could run WinXP in a virtual machine - VMware<br>
or VirtualBox are the prime candidates. Eventually I expect a Win7<br>
migration.<br>
<br>
TIA.<br>
<br>
- Mills<br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br>I would rather stumble along in freedom than walk effortlessly in chains.<br><br><br>