[Discuss] Full disk encryption
Daniel Feenberg
feenberg at nber.org
Wed Jan 4 19:13:38 EST 2012
On Wed, 4 Jan 2012, Matthew Gillen wrote:
> On 01/04/2012 04:23 PM, Daniel Feenberg wrote:
>>
>> On Wed, 4 Jan 2012, Matthew Gillen wrote:
>>
>>> On 01/03/2012 05:03 PM, Tom Metro wrote:
>>>> Daniel Feenberg wrote:
>>>>> The built-in Fedora encryption is no trouble to establish...
>>>>
>>>> What tool do they use? Any other distributions that provide an
>>>> integrated solution?
>>>
>>> Fedora allows you to do whole partition/volume encryption with the
>>> installer very easily. The last time I tried Ubuntu (a couple years
>>> ago), there was an option for "private" home directories. It would
>>> create an encrypted volume for your home directory that was keyed to
>>> your password. It would then get unlocked and mounted when you logged
>>> in. Fedora does something closer to WDE.
>>
>> Does this work with UEFI BIOS motherboards? Does anything?
>
> It's sort of orthogonal to UEFI I think; the secure boot mode of UEFI really
> just controls launching of the bootloader. It doesn't encrypt/decrypt
> anything, it's just check-summing and then executing.
>From my experience, Truecrypt and Compusec are incompatible with UEFI
BIOS, and the Winmagic (Securedoc) documentation mentions this limitation
explicitly. Those are all Windows programs, and I expect Linux could be
quite a different situation, but in the absence of any visible information
on the topic, I have no idea. Presumably there would be no interference
with non-boot partitions, but what about boot partitions? I would leave
the boot partition unencrypted, but I already signed agreements promising
FDE for the machines, not realizing that UEFI would make that difficult.
Daniel Feenberg
>
> Am I wrong?
>
> Matt
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list