On 21.06.2007 14:03:14, coderman wrote:
> On 6/21/07, Benjamin Schieder <blindcoder@xxxxxxxxxxxxxxxxxxxx> wrote:
> >Since running `dmsetup table' still gives the required line to decrypt the
> >block device and LiveCDs generally do not have a secure `root' account,
> >running `dmsetup remove my_tor_home' after mount should be obvious.
>
> what about saving changes later? require re-auth and remount?

The mount will stay (and appear as /dev/mapper/my_tor_home on /home). It's
just the /dev/mapper_my_tor_home device and entry in `dmsetup table' that
will vanish.

> >> key scrubbing and robust key schedule (less data is encrypted per key
> >> than the others) for loop-aes multi-v3 may provide a useful benefit
> >> depending on your needs...
> >
> >The need is a Tor LiveCD.
>
> intended usage and environment is a better description. if the LiveCD
> is used for a client only, no long term identity keys stored, then any
> of the above should be fine. (this sounds like what you envision near
> term).

That's the one. I don't intend to have a Tor server LiveCD.

> 0. pre-boot auth:
> i like to use a small initrd to do this with a kernel configured
> without networking and other unnecessary device support. pivot_root,
> kexec, and exec init work well in this context...

The good thing is: The ROCK Linux initrd already supports exactly that. It's
how I set up my root-on-raid and encrypted-home-on-raid before booting the
system.

Greetings,
Benjamin
-- 
The Nethack IdleRPG! Idle to your favorite Nethack messages!
http://pallas.crash-override.net/nethackidle/