Re: encrypted file system in linux like XP

From: Fondula di Carceri (fondula.di.carceri_at_gmx.net)
Date: 05/03/03 

Date: Sat, 03 May 2003 17:22:10 GMT

> To understand how things work: an encrypted file system has the data on
> the disk encrypted with a key, a key that is not usually stored on the
> system in question. To enable the kernel to decrypt the data and access
> the file system, you have to load the key from somewhere, and then that
> system is *mounted*. You can't keep the local administrator out, they
> have control of the OS.
So basicly, you can't have an encrypted / partition, unless the kernel
has the key in itself? Are there filesystems that can do this? Basicly,
the kernel resides on / as an inode (correct?) so it can be booted,
which in turns enables the mounting of the filesystem.... But, you can't
have an encrypted / without having the kernel also encrypted? Mmh,
I'm smelling a chicken-and-egg problem here.. So if you want an
entirely encrypted bootable drive, it has to be done by hardware?

> If you want to encrypt files so they're accessible to the user without
> mounting a file system and leaving everything open to root, you need a
> file-by-file encryption technique, such as PGP.
Would Reiser4 (when it's available) be an option in this case?

Sincerely,
Fondula di Carceri
[ fondula dot di dot carceri at gmx dot net . gpg or pgp on request ]

Relevant Pages

  • 2.6.27-rc7 no init found on the root partition?
    ... but the kernel is unable to boot. ... XFS file system but no init found. ... it complains that root file system not found and I have ... # Input Device Drivers ...
    (Linux-Kernel)
  • Re: pdflush stuck in D state with v2.6.24-rc1-192-gef49c32
    ... I noticed it with the kernel in the $SUBJECT, ... Copying 300 MB from root to the new file system did not trigger ... # CPUFreq processor drivers ... # PCI IDE chipsets support ...
    (Linux-Kernel)
  • [Full-Disclosure] iDEFENSE Security Advisory 04.14.04: Buffer Overflow in ISO9660 File System Compon
    ... Buffer Overflow in ISO9660 File System Component of Linux Kernel ... In order to exploit this vulnerability, an attacker must be able to ... 2004 Exploit acquired by iDEFENSE ...
    (Full-Disclosure)
  • Re: Boot.ini question
    ... system aware loader, NOT a 'reduced' OS. ... file system aware because it needs to be file system aware. ... to get the same result that ntldr gets. ... loads the kernel into memory, then unpacks the ramdisk, and finally ...
    (comp.sys.ibm.pc.hardware.storage)
  • Re: Developing a Device Driver
    ... > be nice to present to users as a file system - the data that is produced ... > This is why I initially thought about a RAM disk type approach, ... Can I get access to the network through a driver? ... > the right term) kernel proxy, that would allow a user mode application to ...
    (microsoft.public.development.device.drivers)