Gentoo Archives: gentoo-hardened

From: "mike@××××.org" <mike@××××.org>
To: bwaters+moz@××××.edu
Cc: gentoo-hardened@g.o
Subject: [gentoo-hardened] Re: Hardened Laptop System Available
Date: Sat, 13 Sep 2003 12:02:09
Message-Id: 20030913120207.948173143A@neuromancer.voxel.net

Your method for supporting encrypted root partitions looks pretty good. Here
are some comments:

First, I think it is key that the creation of this system is automated and
included in the Gentoo installation process.

Good:

o your idea of not trusting the boot process is great!
o your documentation is pretty strong, including kernel configuration

Potential room for improvement:

o perhaps we can think of a better boot process trust protocol?
o why not use romfs instead of minixfs? Is minixfs smaller?
o why can't usb and crypto be modules, loaded by linuxrc? (this is kind of
  picky)
o why use GPG when a symmetric system will do?
o no PPC -- but perhaps I can help, as you mentioned

So, great work overall! I am considering whether I should continue to work
on my system or begin contributing to yours. Perhaps two competing systems
would encourage innovation...

By the way, my system is available at
http://www.flyn.org/projects/cryptoswap/index.html.

--
Mike

--
gentoo-hardened@g.o mailing list
