> Then you can use a hardware token so that the machine will not boot at
> all without it present or write an encrypted super block, but I can't
> really see the advantage of encrypted swap.

This doesn't anything. Simply connect the hard disk to another
computer.

> At the point it would become effective, the attacker is already on
> the machine (from remote access or they have physical access) and
> then it's not if you can keep them from getting the info, it's only a
> matter of when.

The machine has got an encrypted file system, of course (perhaps /usr
is not encrypted, but /home certainly is).

-- 
Florian Weimer, Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart, http://cert.uni-stuttgart.de/
RUS-CERT, +49-711-685-5973/fax +49-711-685-5898