>planning to install -current on my Thinkpad T450s (SSD).
>
>I need to have several data directories encrypted, however would not mind
>whole-disk encryption. Which method would be more supported / recommended?
>Whole-disk encryption or creating a container file, loop device and then
>virtual devic
>> mtree(8) with -K sha1digest might be enough, and is in the base
>> system.
>It's a bit more complicated. You have a bitrot if the file checksum
>changed
>AND the modification time hasn't changed. Files that are updated will be
>reported as corrupted, which may be boring.
>If you have archiving
>In order for me to trust AMD's implementation, they first need to can
>that ridiculous Platform "Security" Processor. It is as useless and
>dangerous as Intel Management Engine, running unknown code.
Who know, maybe they are going to open source their firmware?
https://news.slashdot.org/story/17/
Do you mean Cold boot attack?
For Linux there are patches called TRESOR. There are also other cache-based key
storage solutions.
Anyway it means implementing complicated kernel solution to address one, very
specific and uncommon threat.
4 matches
Mail list logo
