On Sun, Dec 21, 2008 at 07:47:15PM +0100, David Nielsen wrote:
I've been running using dm-crypt for a while now but it seems to
me that
when all I have is some photos and documents I don't want to fall into the
wrong hands in case my machine is stolen, it's seems like overkill to
encrypt everything. Additionally it's some what cumbersome to have to unlock
the drive during boot. Another problem might be the performance hit of full
disk encryption on these low powered netbooks being unacceptable making
those a good target for a more lightweight solution?
Won't solve your unlocking problem, but why not have a separate
encrypted /home partition? I've had separate /home partitions for
years, not for encryption, just because that's the directory I really
care about, so I want to be able to handle it specially anyway.
The other reason to _not_ encrypt the system directories is so that
system files can be easily mmapped into memory. And after all, there
is no secret in the system files.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat
http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v