After following up on the suggestions (and thinking some more), I am
concluding that a bootable encrypted root filesystem is perhaps an
over-kill for my need to have in one iso image a complete copy of my
system (including the encrypted home) - the latter for example can be
stored in an encrypted loop-back file easily enough.

For bootable root filesystem, indeed it seems possible (e.g.
), with the aid of live-boot and live-boot-initramfs-tools, etc.  For
myself though, for now this would be left a project for another day.
Help and suggestions were much appreciated.

On 3/10/14, Boryeu Mao <> wrote:
> I am running SL via 'livecd-iso-to-disk' from
> XL-65-x86_64-2014-02-06-LiveDVD.iso, with an encrypted home.  Although
> my overlay is fairly large, I don't know (yet) the rate at which it
> will grow but expect it to be full eventually, at which point the
> system would become un-bootable (as it is abundantly pointed out in
> the livecd-iso-do-disk man page).  In preparation for such an
> eventuality I made an iso of the system fashioned after the LiveDVD
> iso; for this iso image, it would be simpler not to treat the home
> directory separatly but to include it in the root filesystem, if that
> could be encryted, thus my query.
> Thanks all for the replies - I will try to followup the pointers and
> suggestions.
> Regards,
> Boryeu
> On 3/10/14, David Sommerseth <> wrote:
>> On 07/03/14 18:33, Boryeu Mao wrote:
>>> In building a bootable DVD image (in the manner of
>>> SL-65-x86_64-2014-02-06-LiveDVD.iso), is it possible to encrypt the
>>> system?  If so, should the file LiveOS/squashfs.img be encrypted, or
>>> the file ext3fs.img contained therein? and what other changes (for
>>> example in the boot configuration) would be needed?   Hopefully this
>>> is a question not outside of the design goals.  Thanks in advance for
>>> any help/pointers.
>> I've never thought of this need.  I don't know if it's possible.  The
>> only thing which cannot be encrypted normally, is /boot.  Grub does not
>> support encryption, but as long as grub can load a kernel and initrd,
>> the root fs can pretty much be encrypted.  You just need to be sure the
>> initrd contains the needed tools to decrypt the file system (such as
>> cryptsetup and so on).  Dracut has fairly good encryption support these
>> days.  So it should be possible.
>> I'm sorry I don't have any wise pointers right now.
>> --
>> kind regards,
>> David Sommerseth

Reply via email to