[TrouSerS-users] Lock down HD on linux box?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have a need to create a linux box that the physical security may not =20
be the best (i.e. I can't trust who is using it to not try to mess =20
with it).

I need to be able to lock down the hard drive -- encrypt it with =20
loop-aes or something so that the drive cannot be removed and accessed =20
on another machine.  I have to use debian linux, which is good because =20
it already supports encrypted drives during install (from what I read).

I see that there are linux packages out there for supporting a small =20
boot drive (unencrypted) and then accessing the rest of the drive =20
after receiving a password (via manual user input, usb stick, etc).  =20
These are not optimal solutions for handling the password in my =20
situation since I will be administering the machines remotely and =20
don't want users having to touch the machine.

TPM seems to be a good candidate for storing the key so that the =20
password doesn't need to be known by the user.

Is anybody out there using the TPM tools in linux to have an encrypted =20
hard drive setup?

Is there a better what to achieve my goal?

C.