On 10/25/2011 05:30 PM, Till Maas wrote:
> On Tue, Oct 25, 2011 at 01:45:45PM +0200, Christoph Trassl wrote:
>> On 10/25/2011 09:33 AM, Michal Hlavinka wrote:
>>> On 10/25/2011 09:30 AM, Harald Hoyer wrote:
>>>> On 10/25/2011 09:15 AM, Harald Hoyer wrote:
>>>>> It's not only an aesthetic issue. This enables
>>>>> possibilities, which were not doable before.
>>> ...
>>>> - mount rootfs encrypted - mount /usr not encrypted (no secrets
>>>> here)
>>>
>>> this is already possible, I have been using this setup for a long time.
>>
>> Does not seem to make any sense to me, unless you verify that no
>> one has messed with your binaries/libraries in /usr.
> Does not seem to make any sense to me, unless you verify that no one
> has messed with your kernel/bootloader in /boot or /dev/sda.
Correct.
Verifying the kernel/bootloader could easily be done within seconds -
at every boot.
If you can do it as fast for gigs of data in /usr, please tell me how.
Christoph.