On Wed, 10 Jun 2015 10:19:59 -0700
Lew Wolfgang
On 06/10/2015 09:51 AM, Andrei Borzenkov wrote:
On Wed, 10 Jun 2015 09:24:57 -0700 Lew Wolfgang writes:
Hi Folks,
The IA Overlords are rattling their sabres again and are demanding that Whole Disk Encryption be applied to all systems to protect data while it's "resting". Basically, if a system is off, all data on non-volatile memory devices has to be encrypted. A TPM can be used for authentication once power is supplied, or the system could prompt for a password before booting.
Would openSuSE, or anything else for that matter, support this kind of a thing? I think TrueCrypt came close, but how would it handle multiple 70-TB partitions?
Yes, creating LVM on top of an encrypted partition should work. The downside is that you will need to enter the password at least twice - for the bootloader to unlock /boot and the kernel to unlock / (even if they are on the same filesystem).
Thanks Andrei. Would this work with RAID-6 partitions too?
Is it hardware RAID6? Linux MD? LVM RAID6? In principle it does not matter - you have an underlying device and create an encrypted container on top of it. Which exact combination is supported by yast - I do not know (I think an encrypted container on top of Linux MD works).
Would there be any way to have a TPM (Trusted Platform Module) provide the passwords? I think this is how Windows does it in some environments.
I am not aware of any integration with LUKS and it will not work with grub2. There was a trusted grub project that did it.
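An added example, not part of the thread: one way to check the "everything encrypted at rest" requirement against the layering discussed above (encrypted container on the underlying device, LVM on top) is to walk the block-device tree and report any filesystem or swap signature with no dm-crypt layer above it. It assumes input in the shape of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`; the device names, the sample tree and the function name `unencrypted_data` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`
# output: sda1 is a plain /boot, md0 (RAID-6) carries LUKS -> LVM -> filesystems.
SAMPLE = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "fstype": "linux_raid_member", "mountpoint": null,
     "children": [
      {"name": "md0", "type": "raid6", "fstype": "crypto_LUKS", "mountpoint": null,
       "children": [
        {"name": "cr_md0", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null,
         "children": [
          {"name": "vg0-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
          {"name": "vg0-data", "type": "lvm", "fstype": "xfs", "mountpoint": "/data"}
        ]}
      ]}
    ]}
  ]},
  {"name": "sdb", "type": "disk", "fstype": "xfs", "mountpoint": "/scratch"}
]}
""")

# Signatures that are containers for another layer, not data themselves.
CONTAINERS = {"crypto_LUKS", "LVM2_member", "linux_raid_member"}

def unencrypted_data(tree, allowed=()):
    """Return (name, fstype, mountpoint) for every filesystem or swap
    signature that has no dm-crypt ('crypt') device above it in the stack."""
    found = []

    def walk(dev, under_crypt):
        under_crypt = under_crypt or dev.get("type") == "crypt"
        fstype = dev.get("fstype")
        if fstype and fstype not in CONTAINERS and not under_crypt:
            if dev.get("mountpoint") not in allowed:
                found.append((dev["name"], fstype, dev.get("mountpoint")))
        for child in dev.get("children") or []:
            walk(child, under_crypt)

    for top in tree["blockdevices"]:
        walk(top, False)
    return found

if __name__ == "__main__":
    for name, fstype, mnt in unencrypted_data(SAMPLE):
        print(f"NOT ENCRYPTED AT REST: {name} ({fstype}) mounted at {mnt}")
```

The `allowed` argument is for mount points that are knowingly left in the clear; unmounted plaintext filesystems are reported too, since they are still data at rest.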