Your method for supporting encrypted root partitions looks pretty good. Here
are some comments:

First, I think it is key that the creation of this system is automated and
included in the Gentoo installation process.

Good:

o your idea of not trusting the boot process is great!
o your documentation is pretty strong, including kernel configuration

Potential room for improvement:

o perhaps we can think of a better boot process trust protocol?
o why not use romfs instead of minixfs? Is minixfs smaller?
o why can't usb and crypto be modules, loaded by linuxrc? (this is kind of
  picky)
o why use GPG when a symmetric system will do?
o no PPC -- but perhaps I can help, as you mentioned

So, great work overall! I am considering whether I should continue to work
on my system or begin contributing to yours. Perhaps two competing systems
would encourage innovation...

By the way, my system is available at
http://www.flyn.org/projects/cryptoswap/index.html.

--
Mike

--
gentoo-hardened@g.o mailing list