[ale] Pros & cons on encrypting disks

Jim Kinney jim.kinney at gmail.com
Sat Nov 29 19:03:19 EST 2008


Can't encrypt the boot partition otherwise no kernel available to run the
decryption :-)

I ran Fedora 8 with added drive encryption. No problem (the first install
was tedious but it all worked fine). I then up0graded that laptop to Fedora
9. During the install it recognized the encrypted drive, prompted for the
password for the key, unlocked and upgraded flawlessly (OK - So I had
previously removed all the Livna repo multimedia stuff to avoid headaches).

Later backed off personal data, wiped the drive and installed F9 from
scratch. No problems. Just reworked the machine from scratch with F10 64-bit
as I upgraded to 4GB ram. Once the bios patch went on the box has performed
well. No flawlessly - there are bugs in the suspend, hibernate,
power-management and the gnome session manager is rather unstable (Grr!).
But the disk encryption is has been so far rock solid.

Admin on a disk encryption is a bigger challenge. Must have a backup of the
keys and know the encryption scheme and also must know the password. Current
scheme allows multiple passwords so there can be an admin user and other
normal users. So normal users can boot the box without knowing the admin
password.

Disk encryption is/will-be a big thing to be comfortable working with.

On Sat, Nov 29, 2008 at 12:42 PM, Scott Castaline <hscast at charter.net>wrote:

> Just want to get a feel for the pros and cons of encrypting my disk(s).
> I just created a VM to install Fedora 10 before upgrading my system. I
> chose to use the encryption option to see how it worked in the install
> process and how it behaves once installed. I did notice that the boot
> partition cannot be encrypted. Is this just a Fedora thing or is that
> the encryption key is not present until the initial boot process is
> completed? So what are the pros and the cons to this?
>
> TIA
> Scott
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20081129/80f71e1c/attachment.html 


More information about the Ale mailing list