** On Feb 18, H. Peter Anvin scribbled:
> > Are there any patches for the kernel, or userland solutions which
> > allow a user to mount an encrypted filesystem (perhaps through
> > loopback) which while mounted, root cannot read? Or is this
> > concept beyond Linux currently?
> >=20
> > I'm thinking of the case where the superuser can admin the
> > machine but due to confidentiality, the data must not be readable
> > by root under any circumstance. Possible?
> >=20
>=20
> While mounted? No. Root has access to the entire machine and
Why not? Just never decrypt data on fs read. Feed the client with encrypted
data and leave it to them to decrypt it.
marek
=20
--qtZFehHsKgwS5rPz
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjivCc0ACgkQq3909GIf5urSowCfQKlJ0dNum1/NPq2WRSCw/S+1
+PgAnRtmTr0IPQhHU3Ch8XvRuqgwAVcv
=Jzol
-----END PGP SIGNATURE-----
--qtZFehHsKgwS5rPz--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/