Tom Sightler wrote:
> On Mon, 2008-01-21 at 14:06 +0200, Ahmed Kamal wrote:
>> That's cool. I guess the real issue is when booting the system and
>> decrypting. I guess we would need to change some initscripts? to do
>> the same
>
> How exactly will this help if you don't dynamically pull the encryption
> key during boot?  If you just hard code the encryption in the initscript
> on the boot disk then someone stealing the disk still has all the
> information required to decode the data, and trivially at that.
>
> Of course you could modify your init scripts to parse out some unique
> piece of information out of the system to use for the encryption key
> (like maybe the UUID or system serial number from dmidecode) but isn't
> someone just as likely to steal the entire hardware as just the disk?
>
> Later,
> Tom

I think the implication was to dynamically pull the serial for production use while hard-coding the pre-recorded serial number for service or recovery purposes.

Jason
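
The scheme discussed in this thread, as an added example that is not part of any poster's message: an init-time helper derives the volume key from the `dmidecode` serial in production, or from a pre-recorded serial supplied for service or recovery. The function names, the salt, and the device and mapping names in the comment are assumptions; the key is reproducible by anyone who holds the serial and the salt, which is the limitation Tom describes.

```shell
#!/bin/sh
# Added example, not from the thread. All names below are hypothetical.

# Read the chassis serial as suggested in the thread (requires root).
read_serial() {
    dmidecode -s system-serial-number
}

# derive_key SERIAL SALT
# Normalise the serial (strip whitespace, upper-case), mix in a per-volume
# salt and hash. The output depends only on these two inputs, so it is
# exactly as secret as the serial number itself.
derive_key() {
    serial=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    [ -n "$serial" ] || return 1          # refuse an empty or missing serial
    printf '%s:%s' "$2" "$serial" | sha256sum | cut -d' ' -f1
}

# unlock_key SALT [RECORDED_SERIAL]
# Production: no second argument, the serial is pulled from the hardware.
# Service/recovery: the operator passes the pre-recorded serial instead.
unlock_key() {
    salt=$1
    recorded=${2:-}
    if [ -n "$recorded" ]; then
        derive_key "$recorded" "$salt"
    else
        derive_key "$(read_serial)" "$salt"
    fi
}

# In an initscript the result would be piped to the volume opener, e.g.
# (device and mapping names are placeholders):
#   unlock_key "vol0" | cryptsetup luksOpen /dev/sdXN data --key-file=-
```

The recovery path yields the same key on any machine once the recorded serial is known, so the serial and salt need the same handling as the key itself.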

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
