[ale] Encrypted Laptop Questions

[Jim Kinney]

Fun path!  Look at ditching the F11 (outdated!)  and jump to F13 and install
using the drive encryption option. It will require a password to decrypt the
LVM containing / and swap (and /home, /var, etc).

TrueCrypt is a multi-platform partition/file/drive encryption tool that will
allow a shared partition to be a data swap area between the F13 and the
windows. It can (I'm 90% certain) also encrypt the windows partition as
well.

Doing the XP in a VM may be the easiest way to do all of this - F13 with
full drive encryption and no access to the drive contents even if removed.

The unlock keys can be handled with either a password prompt _or_ with an
external device and password prompt. The LUKS (method used for drive
encryption) supports multiple password slots (up to 10) so a multiuser
laptop can have individual passwords plus a master key.

On Thu, Jul 15, 2010 at 10:03 AM, John Mills <johnmills at speakeasy.net>wrote:

> ALErs -
>
> I would like to learn about encrypted Linux and dual-boot installations
> and would appreciate pointers to HOW-TOs, guides, and other sources of
> background.
>
> OBJECTIVE: protect data on the disk from non-authorized users, even if the
> disk is removed to another machine.
>
> Specifically I have a laptop computer that currently dual-boots WinXP and
> FC11. There is also a VFAT disk partition shared by both the OS. The WinXP
> installation has separate NTFS partitions for the OS files and user files,
> but I assume that separation is not 100% clean due to applications that
> may cache data in system directories or their installation directories.
>
> Primary requirements:
>
> 1. Encrypt Win and Linux partitions in some mutually compatible way.
>
> 2. Provide multiple pass-phrases (at least one user and one administrator)
> which could be later updated.
>
> Desired features:
>
> 1. Migrate my current installations, but I could pass through an external
> backup drive for this. (I may abandon Linux migration if I decide to
> change or upgrade my Linux distribution.)
>
> 2. Somehow provide for Windows upgrades. (I take Linux upgrades for
> granted - is that reasonable?)
>
> 4. Use GPG for [at least] key management.
>
> Open questions:
>
> 1. I would prefer not to use, but could accept boot authorization by means
> of a separate gadget, i.e., a USB memory device.
>
> 2. I don't know if I care about encrypting the boot sector or the separate
> Linux boot partion, but that would be fine if it handled authorization
> and dual-boot cleanly. (I would then stay with existing password
> authorization once booted.)
>
> 3. If necessary I believe I could run WinXP in a virtual machine - VMware
> or VirtualBox are the prime candidates. Eventually I expect a Win7
> migration.
>
> TIA.
>
>  - Mills
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
-- 
James P. Kinney III
I would rather stumble along in freedom than walk effortlessly in chains.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100715/76809fe9/attachment-0001.html