-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks:

I am pleased to announce that with Mike Petullo's help, I have been able
to get an encrypted-root system WORKING with my Gentoo 2.6 laptop, using
a random string that is stored on a USB dongle; this string is encrypted
with GPG.

I have been working on writing this up, cleaning up everything; it is
taking days to do so.

Work in progress documentation is available at

http://www.sdc.org/~leila/usb-dongle/README

The entire setup - a minix-based RAMDisk, and a tarballed filesystem for
the USB-dongle - has been posted to

http://www.sdc.org/~leila/usb-dongle/

This setup is working for me on an x86 system; you will need to replace
the binaries on the usb tarball with your actual binaries (just copy
them over from a working linux system, taking care to copy over any
shared libs as well).

Although I am starting to use this setup in production use, I keep
backups of everything, and assume it is going to eat my hard disk at any
moment. More pounding is needed.

At this point I want to focus on getting the documentation completed,
and augmented some other, recently-produced encrypted-root documentation
that was posted on linux-crypto.

After I have written down the bones, next steps are left to other
people, I think: I know that Mike has a PPC system; if other ppl could
make this work for other architectures, and if we could get some
feedback about testing, then I could post an announcement to
gentoo-forums and we could get some more testers.

Cheers!

~ - boyd

Boyd Waters
http://www.aoc.nrao.edu/~bwaters
where the hell is Socorro, New Mexico?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/Wi/00is8k1r0QeURAn1nAJ0VfWXYw1SpEebSE6pcVAaR8vYEGwCfRcnL
wluOYwA+HrgngVAFHYEE3xQ=
=2KMs
-----END PGP SIGNATURE-----

--
gentoo-hardened@g.o mailing list