site
contact
newsFrugal install encryption of working partition
I posted yesterday about enhancements to frugal installation:
http://bkhome.org/news/201811/automatic-fixing-of-bootspecs-for-frugal-install.html
Another area that needed improvement is handling of encryption. In
the case of a flash-stick, the working-partition is created at first
bootup, and it is created with ext4 filesystem with encryption
capability enabled.
However, for a frugal install, the working-partition is pre-existing.
For encryption, enter a password at bootup to decrypt certain folders
in the working-partition. It must be an ext4 filesystem, and must have
encryption capability enabled.
The 'init' script in the 'initrd' now checks for this. If it sees
that the pre-existing working-partition is ext4 but does not have
encryption capability enabled, it offers to enable it (using the
'tune2fs' utility).
If the user chooses in the affirmative, then a password is asked for.
Otherwise, the ext4 filesystem is left alone, and no password is asked
for.
This is a frugal installation, so the working-partition could be used for other purposes, including many other frugal installations. I don't think that turning on encryption capability will have any negative impact on whatever else is in the working-partition.
Tags: easy