2007-11-01

Encrypted root and more

On my desktop system I decided to try out the cryptographic root options when installing debian.

The Debian installer even has gui support for that setup, so I went and created an uncrypted /boot partition with some 100 MB for the kernels, initrd's and so on. Next step was to create the biggest part of the hard disk as an encrypted partition. In that partition I setup an LVM volume group with swap and the root.

This all goes nicely with the installer and on my Core2 Duo System runs smoothly, doing the encryption transparently. I didn't yet recognize any performance difference (using AES-256), but I still have to run some games or apps that require more CPU power.

So during startup I enter the decryption password to unlock the partition and then continue with a secured system. Another interesting feature would be to put the password onto an USB stick and during bootup read it from there.

No comments: