From: <cw...@xm...> - 2007-08-03 22:19:32
I have a need to create a Linux box where the physical security may not be the best (i.e. I can't trust who is using it to not try to mess with it).

I need to be able to lock down the hard drive -- encrypt it with loop-aes or something so that the drive cannot be removed and accessed on another machine. I have to use Debian Linux, which is good because it already supports encrypted drives during install (from what I read).

I see that there are Linux packages out there for supporting a small boot drive (unencrypted) and then accessing the rest of the drive after receiving a password (via manual user input, USB stick, etc). These are not optimal solutions for handling the password in my situation since I will be administering the machines remotely and don't want users having to touch the machine.

TPM seems to be a good candidate for storing the key so that the password doesn't need to be known by the user.

Is anybody out there using the TPM tools in Linux to have an encrypted hard drive setup? Is there a better way to achieve my goal?

C.