[ale] Encrypted Laptop Questions

[John Mills]

ALErs -

I would like to learn about encrypted Linux and dual-boot installations 
and would appreciate pointers to HOW-TOs, guides, and other sources of 
background.

OBJECTIVE: protect data on the disk from non-authorized users, even if the 
disk is removed to another machine.

Specifically I have a laptop computer that currently dual-boots WinXP and 
FC11. There is also a VFAT disk partition shared by both the OS. The WinXP 
installation has separate NTFS partitions for the OS files and user files, 
but I assume that separation is not 100% clean due to applications that 
may cache data in system directories or their installation directories.

Primary requirements:

1. Encrypt Win and Linux partitions in some mutually compatible way.

2. Provide multiple pass-phrases (at least one user and one administrator) 
which could be later updated.

Desired features:

1. Migrate my current installations, but I could pass through an external 
backup drive for this. (I may abandon Linux migration if I decide to 
change or upgrade my Linux distribution.)

2. Somehow provide for Windows upgrades. (I take Linux upgrades for 
granted - is that reasonable?)

4. Use GPG for [at least] key management.

Open questions:

1. I would prefer not to use, but could accept boot authorization by means 
of a separate gadget, i.e., a USB memory device.

2. I don't know if I care about encrypting the boot sector or the separate
Linux boot partion, but that would be fine if it handled authorization 
and dual-boot cleanly. (I would then stay with existing password 
authorization once booted.)

3. If necessary I believe I could run WinXP in a virtual machine - VMware 
or VirtualBox are the prime candidates. Eventually I expect a Win7 
migration.

TIA.

  - Mills