add encfs support in initrd.gz possible ?

[tjbradford]

I am trying to create an encrypted cdrom that is

A) bootable into ubuntu

B) secure by encrypting all the files in the squashfs or the squashfs it's self.

I have managed to peform both of the above , thinking encrypting the squashfs is prob the better option.

I now need I think to add support for the encfs at boot time, so i'm thinking i need to and this to initrd.gz is that correct ?

 

[QatQat]

You can have a linux with enxcrypted root (/) partition.
You cannot have an encrypted /boot partition
as initrd is in /boot and it must not be encrypted.

So, you can definitely boot linux with an encrypted / partition on a fixed drive or even a USB drive.

What you need is two separate partitions, one to boot, load linux and ask for a password to decrypt the encrypted / partition.

Can you achieve that on a DVD? I don't think so.

QatQat






--------------------------------------
If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!

 

[tjbradford]

I am looking to go down the root of encfs combined with a squashfs which will be encrypted with the encfs, the boot process would be to mount the squashfs after decrypting it and booting from that point ofcourse there needs to be something decrypted as the cd needs to boot and run something to decrypt files on it, i think i need to add the encfs and its dependencies to the initrd.gz tho that was what i was trying to say. can / how do i add the app encfs to the initrd.gz?

basically the script that points to the squashfs would need something like the following

encfs /cdrom/squashfs.file /decrypted

(continue its normal script but point to /decrypted instead of it's normal location.)

anybody understand what i'm trying to say?