The goal is to have a machine where all hard disk content is encrypted so
an attacker has first to crack this to gain information. The problem is:
how to boot? I thought of a key disk with the decryption keys an a small
kernel to decrypt the parts needed to initiate an "normal" boot (i.e.
kernel, mount, the config files...). Then the decrypted kernel form hard
disk
is started and takes over the system. This way one kann recompile and patch
the kernel without having to watch the size available on the boot/key disk
and does not need to recreate it every time since it is thought to do a
capabilities implementation which would need a lot of recompiles to test...
To de-/encypt it is thought of using the existing method via loop/cryptoapi.
Btw: As there will be a kernel level capabilities implementation, an
attacker
should not be able to mess around with the kernel, so a plain-text boot
partition is out of question (the disk can be locked away).
As an explanation: I study on a polytechnical and my contribution
to this project will be my diploma.
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/