I am running SL via 'livecd-iso-to-disk' from XL-65-x86_64-2014-02-06-LiveDVD.iso, with an encrypted home. Although my overlay is fairly large, I don't know (yet) the rate at which it will grow but expect it to be full eventually, at which point the system would become un-bootable (as it is abundantly pointed out in the livecd-iso-do-disk man page). In preparation for such an eventuality I made an iso of the system fashioned after the LiveDVD iso; for this iso image, it would be simpler not to treat the home directory separatly but to include it in the root filesystem, if that could be encryted, thus my query.
Thanks all for the replies - I will try to followup the pointers and suggestions. Regards, Boryeu On 3/10/14, David Sommerseth <sl+us...@lists.topphemmelig.net> wrote: > On 07/03/14 18:33, Boryeu Mao wrote: >> In building a bootable DVD image (in the manner of >> SL-65-x86_64-2014-02-06-LiveDVD.iso), is it possible to encrypt the >> system? If so, should the file LiveOS/squashfs.img be encrypted, or >> the file ext3fs.img contained therein? and what other changes (for >> example in the boot configuration) would be needed? Hopefully this >> is a question not outside of the design goals. Thanks in advance for >> any help/pointers. > > I've never thought of this need. I don't know if it's possible. The > only thing which cannot be encrypted normally, is /boot. Grub does not > support encryption, but as long as grub can load a kernel and initrd, > the root fs can pretty much be encrypted. You just need to be sure the > initrd contains the needed tools to decrypt the file system (such as > cryptsetup and so on). Dracut has fairly good encryption support these > days. So it should be possible. > > I'm sorry I don't have any wise pointers right now. > > > -- > kind regards, > > David Sommerseth > >
