mirror of https://github.com/tLDP/LDP
updated
This commit is contained in:
parent
2048d88f7a
commit
661849613e
|
@ -27,6 +27,13 @@ Version 1.2.
|
|||
|
||||
<revhistory>
|
||||
|
||||
<revision>
|
||||
<revnumber>v1.2</revnumber>
|
||||
<date>2004-10-20</date>
|
||||
<authorinitials>cd</authorinitials>
|
||||
<revremark>Updated the packages version.</revremark>
|
||||
</revision>
|
||||
|
||||
<revision>
|
||||
<revnumber>v1.1</revnumber>
|
||||
<date>2003-12-01</date>
|
||||
|
@ -61,7 +68,7 @@ Version 1.2.
|
|||
Your hard disk (hda) should contain at least three partitions:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
hda1: this small (~4 Mb) unencrypted partition will ask for
|
||||
hda1: this small unencrypted partition will ask for
|
||||
a password in order to mount the encrypted root filesystem.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
|
@ -76,29 +83,45 @@ hda3: this partition holds the current GNU/Linux system.
|
|||
At this point, both hda1 and hda2 are unused. hda3 is where your
|
||||
Linux distribution is currently installed; /usr and /boot must
|
||||
<emphasis>not</emphasis> be separated from this partition.
|
||||
</para>
|
||||
</para><para>
|
||||
Here's an example of what your partition layout might look like:
|
||||
</para><para>
|
||||
<screen># fdisk -l /dev/hda
|
||||
|
||||
Disk /dev/hda: 255 heads, 63 sectors, 2432 cylinders
|
||||
Units = cylinders of 16065 * 512 bytes
|
||||
|
||||
Device Boot Start End Blocks Id System
|
||||
/dev/hda1 1 1 8001 83 Linux
|
||||
/dev/hda2 2 263 2104515 83 Linux
|
||||
/dev/hda3 264 525 2104515 83 Linux
|
||||
/dev/hda4 526 2047 12225465 83 Linux</screen>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="install-kernel">
|
||||
<title>Installing Linux-2.4.23</title>
|
||||
<sect2 id="install-kernel-2.4">
|
||||
<title>Installing Linux-2.4.27</title>
|
||||
<para>
|
||||
There are two main projects which add strong crypto support in the
|
||||
kernel: CryptoAPI and loop-AES. This howto is based on loop-AES, since it
|
||||
has an extremely fast and highly optimized implementation of Rijndael
|
||||
There are two main projects which add loopback encryption support in the
|
||||
kernel: cryptoloop and loop-AES. This howto is based on loop-AES, since it
|
||||
features an extremely fast and highly optimized implementation of Rijndael
|
||||
in assembly language, and therefore provides maximum performance if
|
||||
you have an IA-32 (x86) CPU.
|
||||
you have an IA-32 (x86) CPU. Besides, there are some
|
||||
<ulink url="http://groups.google.fr/groups?selm=1emrG-1Ck-25%40gated-at.bofh.it">security concerns</ulink>
|
||||
about cryptoloop.
|
||||
</para><para>
|
||||
First of all, download and unpack the loop-AES package:
|
||||
</para><para>
|
||||
<screen>wget http://loop-aes.sourceforge.net/loop-AES/loop-AES-v2.0b.tar.bz2
|
||||
tar -xvjf loop-AES-v2.0b.tar.bz2</screen>
|
||||
<screen>wget http://loop-aes.sourceforge.net/loop-AES/loop-AES-v2.2b.tar.bz2
|
||||
tar -xvjf loop-AES-v2.2b.tar.bz2</screen>
|
||||
</para><para>
|
||||
Then you must download and patch the kernel source:
|
||||
</para><para>
|
||||
<screen>wget http://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.23.tar.bz2
|
||||
tar -xvjf linux-2.4.23.tar.bz2
|
||||
cd linux-2.4.23
|
||||
patch -Np1 -i ../loop-AES-v2.0b/kernel-2.4.23.diff</screen>
|
||||
<screen>wget http://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.27.tar.bz2
|
||||
tar -xvjf linux-2.4.27.tar.bz2
|
||||
cd linux-2.4.27
|
||||
rm include/linux/loop.h drivers/block/loop.c
|
||||
patch -Np1 -i ../loop-AES-v2.2b/kernel-2.4.27.diff</screen>
|
||||
</para><para>
|
||||
Setup the keyboard map:
|
||||
</para><para>
|
||||
|
@ -128,7 +151,7 @@ Compile the kernel and install it:
|
|||
</para><para>
|
||||
<screen>make dep bzImage
|
||||
make modules modules_install
|
||||
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.23</screen>
|
||||
cp arch/i386/boot/bzImage /boot/vmlinuz</screen>
|
||||
</para><para>
|
||||
If grub is your bootloader, update /boot/grub/menu.lst
|
||||
or /boot/grub/grub.conf:
|
||||
|
@ -139,7 +162,7 @@ timeout 10
|
|||
color green/black light-green/black
|
||||
title Linux
|
||||
root (hd0,2)
|
||||
kernel /boot/vmlinuz-2.4.23 ro root=/dev/hda3 vga=4
|
||||
kernel /boot/vmlinuz ro root=/dev/hda3
|
||||
EOF</screen>
|
||||
</para><para>
|
||||
Otherwise, update /etc/lilo.conf and run lilo:
|
||||
|
@ -149,11 +172,10 @@ lba32
|
|||
boot=/dev/hda
|
||||
prompt
|
||||
timeout=100
|
||||
image=/boot/vmlinuz-2.4.23
|
||||
image=/boot/vmlinuz
|
||||
label=Linux
|
||||
read-only
|
||||
root=/dev/hda3
|
||||
vga=4
|
||||
EOF
|
||||
lilo</screen>
|
||||
</para><para>
|
||||
|
@ -161,32 +183,45 @@ You may now restart the system.
|
|||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="install-kernel-2.6">
|
||||
<title>Installing Linux-2.6.8.1</title>
|
||||
<para>
|
||||
Proceed as described in the previous section, using loop-aes'
|
||||
<emphasis>kernel-2.6.8.1.diff</emphasis> patch instead. Note that
|
||||
modules support require that you have the module-init-tools
|
||||
package installed.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="install-util-linux">
|
||||
<title>Installing util-linux-2.12</title>
|
||||
<title>Installing util-linux-2.12b</title>
|
||||
<para>
|
||||
The losetup program, which is part of the util-linux package, must be
|
||||
patched and recompiled in order to add strong cryptography support.
|
||||
Download, unpack and patch util-linux:
|
||||
</para><para>
|
||||
<screen>wget http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz
|
||||
tar -xvzf util-linux-2.12.tar.gz
|
||||
cd util-linux-2.12
|
||||
patch -Np1 -i ../loop-AES-v2.0b/util-linux-2.12.diff</screen>
|
||||
<screen>wget http://ftp.kernel.org/pub/linux/utils/util-linux/util-linux-2.12b.tar.bz2
|
||||
tar -xvjf util-linux-2.12b.tar.bz2
|
||||
cd util-linux-2.12b
|
||||
patch -Np1 -i ../loop-AES-v2.2b/util-linux-2.12c.diff</screen>
|
||||
</para><para>
|
||||
To use passwords that are less than 20 characters, enter:
|
||||
</para><para>
|
||||
<screen>CFLAGS="-O2 -DLOOP_PASSWORD_MIN_LENGTH=8"; export CFLAGS</screen>
|
||||
</para><para>
|
||||
If security is important, please do not enable passwords shorter than
|
||||
20 characters. Security is not free, one has to 'pay' in form of long
|
||||
passwords.
|
||||
Security is probably one of your major concerns. For this reason, please do
|
||||
not enable passwords shorter than 20 characters. Data privacy is not free,
|
||||
one has to 'pay' in form of long passwords.
|
||||
</para><para>
|
||||
Compile losetup and install it as root:
|
||||
</para><para>
|
||||
<screen>./configure && make lib mount
|
||||
cp -f mount/losetup /sbin
|
||||
rm -f /usr/share/man/man8/losetup.8.gz
|
||||
cp -f mount/losetup.8 /usr/share/man/man8</screen>
|
||||
mv -f /sbin/losetup /sbin/losetup~
|
||||
rm -f /usr/share/man/man8/losetup.8*
|
||||
cd mount
|
||||
gzip losetup.8
|
||||
cp losetup /sbin
|
||||
cp losetup.8.gz /usr/share/man/man8/</screen>
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
@ -200,23 +235,24 @@ Fill the target partition with random data:
|
|||
</para><para>
|
||||
Setup the encrypted loopback device:
|
||||
</para><para>
|
||||
<screen>losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
|
||||
Password:</screen>
|
||||
<screen>losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2</screen>
|
||||
</para><para>
|
||||
To prevent optimized dictionary attacks, it is recommended to add
|
||||
the -S xxxxxxxxxx option, where "xxxxxxxxxx" is your randomly chosen
|
||||
seed. Also, in order to avoid boot-time problems with the keyboard
|
||||
map, do not use non-ASCII characters (accents, etc.) in your password.
|
||||
the -S xxxxxx option, where "xxxxxx" is your randomly chosen
|
||||
seed (for example, you might choose "gPk4lA"). Also, in order to
|
||||
avoid boot-time problems with the keyboard map, do not use non-ASCII
|
||||
characters (accents, etc.) in your password. The
|
||||
<ulink url="http://www.diceware.com/">Diceware</ulink> site offers
|
||||
a simple way to create strong, yet easy to remember, passphrases.
|
||||
</para><para>
|
||||
Now create the ext3 filesystem:
|
||||
</para><para>
|
||||
<screen>mke2fs -j /dev/loop0</screen>
|
||||
</para><para>
|
||||
Check that you correctly entered the password:
|
||||
Check that the password you entered is correct:
|
||||
</para><para>
|
||||
<screen>losetup -d /dev/loop0
|
||||
losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
|
||||
Password:</screen>
|
||||
losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2</screen>
|
||||
</para><para>
|
||||
<screen>mkdir /mnt/efs
|
||||
mount /dev/loop0 /mnt/efs</screen>
|
||||
|
@ -240,7 +276,7 @@ the manual, with the modifications below:
|
|||
<para>Apply the loop-AES patch after unpacking the sources.</para>
|
||||
</listitem><listitem>
|
||||
<para>Chapter 8 - Making the LFS system bootable:</para>
|
||||
<para>Refer to the next section.</para>
|
||||
<para>Refer to the next section (Setting up the boot device).</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
@ -266,10 +302,13 @@ mke2fs -F initrd
|
|||
mkdir ramdisk
|
||||
mount -o loop initrd ramdisk</screen>
|
||||
</para><para>
|
||||
If you're using grsecurity, you may get a "Permission denied" error
|
||||
message; in this case you'll have to run the mount command outside chroot.
|
||||
</para><para>
|
||||
Create the filesystem hierarchy and copy the required files in it:
|
||||
</para><para>
|
||||
<screen>mkdir ramdisk/{bin,dev,lib,mnt,sbin}
|
||||
cp /bin/{bash,mount,umount} ramdisk/bin/
|
||||
cp /bin/{bash,mount} ramdisk/bin/
|
||||
ln -s bash ramdisk/bin/sh
|
||||
mknod -m 600 ramdisk/dev/console c 5 1
|
||||
mknod -m 600 ramdisk/dev/hda2 b 3 2
|
||||
|
@ -281,24 +320,44 @@ cp /sbin/{losetup,pivot_root} ramdisk/sbin/</screen>
|
|||
It's ok if you see a message like "/lib/libncurses.so.5: No such file
|
||||
or directory", or "/lib/libtermcap.so.2: No such file or directory";
|
||||
bash only requires one of these two libraries. You can check which one
|
||||
is actually needed with:
|
||||
is actually required with:
|
||||
</para><para>
|
||||
<screen>ldd /bin/bash</screen>
|
||||
</para><para>
|
||||
Create the init script (don't forget to replace "xxxxxxxxxx"
|
||||
Compile the sleep program, which will prevent the password prompt
|
||||
being flooded by kernel messages (such as usb devices being registered).
|
||||
</para><para>
|
||||
<screen>cat > sleep.c << "EOF"
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
if( argc == 2 )
|
||||
sleep( atoi( argv[1] ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
EOF
|
||||
|
||||
gcc -s sleep.c -o ramdisk/bin/sleep
|
||||
rm sleep.c</screen>
|
||||
</para><para>
|
||||
Create the init script (don't forget to replace "xxxxxx"
|
||||
with your chosen seed):
|
||||
</para><para>
|
||||
<screen>cat > ramdisk/sbin/init << "EOF"
|
||||
#!/bin/sh
|
||||
|
||||
/sbin/losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
|
||||
/bin/mount -r -n -t ext2 /dev/loop0 /mnt
|
||||
/bin/sleep 3
|
||||
/sbin/losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2
|
||||
/bin/mount -r -n -t ext3 /dev/loop0 /mnt
|
||||
|
||||
while [ $? -ne 0 ]
|
||||
do
|
||||
/sbin/losetup -d /dev/loop0
|
||||
/sbin/losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
|
||||
/bin/mount -r -n -t ext2 /dev/loop0 /mnt
|
||||
/sbin/losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2
|
||||
/bin/mount -r -n -t ext3 /dev/loop0 /mnt
|
||||
done
|
||||
|
||||
cd /mnt
|
||||
|
@ -317,22 +376,21 @@ mv initrd.gz /boot/</screen>
|
|||
</para>
|
||||
</sect2>
|
||||
<sect2 id="bootable-cd">
|
||||
<title>Booting with a CD-ROM</title>
|
||||
<title>Booting from a CD-ROM</title>
|
||||
<para>
|
||||
I strongly advise you to start your system with a read-only
|
||||
media, such as a bootable CD-ROM.
|
||||
</para><para>
|
||||
Download and unpack syslinux:
|
||||
</para><para>
|
||||
<screen>wget ftp://ftp.kernel.org/pub/linux/utils/boot/syslinux/syslinux-2.07.tar.gz
|
||||
tar -xvzf syslinux-2.07.tar.gz</screen>
|
||||
<screen>wget http://ftp.kernel.org/pub/linux/utils/boot/syslinux/syslinux-2.10.tar.bz2
|
||||
tar -xvjf syslinux-2.10.tar.bz2</screen>
|
||||
</para><para>
|
||||
Configure isolinux:
|
||||
</para><para>
|
||||
<screen>mkdir bootcd
|
||||
cp /boot/vmlinuz-2.4.23 bootcd/vmlinuz
|
||||
cp /boot/initrd.gz syslinux-2.07/isolinux.bin bootcd/
|
||||
echo "DEFAULT vmlinuz initrd=initrd.gz ro root=/dev/ram0 vga=4" \
|
||||
cp /boot/{vmlinuz,initrd.gz} syslinux-2.10/isolinux.bin bootcd
|
||||
echo "DEFAULT /vmlinuz initrd=initrd.gz ro root=/dev/ram0" \
|
||||
> bootcd/isolinux.cfg</screen>
|
||||
</para><para>
|
||||
Create and burn the bootable cd-rom iso image:
|
||||
|
@ -346,13 +404,13 @@ cdrecord -dev 0,0,0 -speed 4 -v bootcd.iso
|
|||
rm -rf bootcd{,.iso}</screen>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="boot-partition">
|
||||
<title>Booting from a partition</title>
|
||||
<title>Booting from a HD partition</title>
|
||||
<para>
|
||||
The boot partition is an alternate boot device: you might need it
|
||||
if your bootable CD gets lost. <emphasis>Remember that hda1
|
||||
is a writable media and is thus insecure; use it only in case of
|
||||
emergency!</emphasis>
|
||||
The boot partition can come in handy if you happen to lose your bootable
|
||||
CD. <emphasis>Remember that hda1 is a writable media and is thus insecure;
|
||||
use it only in case of emergency!</emphasis>
|
||||
</para><para>
|
||||
Create and mount the ext2 filesystem:
|
||||
</para><para>
|
||||
|
@ -362,8 +420,7 @@ mount /dev/hda1 /loader</screen>
|
|||
</para><para>
|
||||
Copy the kernel and the initial ramdisk:
|
||||
</para><para>
|
||||
<screen>cp /boot/vmlinuz-2.4.23 /loader/vmlinuz
|
||||
cp /boot/initrd.gz /loader/</screen>
|
||||
<screen>cp /boot/{vmlinuz,initrd.gz} /loader</screen>
|
||||
</para><para>
|
||||
If you use grub:
|
||||
</para><para>
|
||||
|
@ -375,7 +432,7 @@ timeout 10
|
|||
color green/black light-green/black
|
||||
title Linux
|
||||
root (hd0,0)
|
||||
kernel /vmlinuz ro root=/dev/ram0 vga=4
|
||||
kernel /vmlinuz ro root=/dev/ram0
|
||||
initrd /initrd.gz
|
||||
EOF
|
||||
grub-install --root-directory=/loader /dev/hda
|
||||
|
@ -398,7 +455,6 @@ image=/vmlinuz
|
|||
initrd=/initrd.gz
|
||||
read-only
|
||||
root=/dev/ram0
|
||||
vga=4
|
||||
EOF
|
||||
lilo -r /loader
|
||||
umount /loader</screen>
|
||||
|
@ -409,30 +465,58 @@ umount /loader</screen>
|
|||
<sect1 id="final-steps">
|
||||
<title>Final steps</title>
|
||||
<para>
|
||||
Modify /etc/fstab so that it contains:
|
||||
Still inside chroot, modify /etc/fstab so that it contains:
|
||||
</para><para>
|
||||
<screen>/dev/loop0 / ext3 defaults 0 1</screen>
|
||||
<screen>/dev/loop0 / ext3 defaults 0 1</screen>
|
||||
</para><para>
|
||||
Remove /etc/mtab and exit from chroot. Finally, run "umount -d /mnt/efs"
|
||||
and reboot. hda3 is not needed anymore, so you can create an encrypted
|
||||
filesystem on this partition and use it as a backup.
|
||||
and reboot. If something goes wrong, you can still boot your unencrypted
|
||||
partition by entering "Linux root=/dev/hda3" at the LILO: prompt.
|
||||
</para><para>
|
||||
Now, if you're low on RAM you'll need some swap space. Let's
|
||||
suppose hda4 will hold your encrypted swap partition; you must
|
||||
create the swap device first:
|
||||
If everything went well, you can now re-partition your disk and encrypt
|
||||
hda3 as well as hda4. In the following scripts, we assume that hda3 will
|
||||
hold the swap device and hda4 will contain /home; you should initialize
|
||||
both partitions first:
|
||||
</para><para>
|
||||
<screen>shred -n 1 -v /dev/hda4
|
||||
losetup -e aes256 /dev/loop1 /dev/hda4
|
||||
mkswap /dev/loop1</screen>
|
||||
<screen>shred -n 1 -v /dev/hda3
|
||||
shred -n 1 -v /dev/hda4
|
||||
losetup -e aes256 -S xxxxxx /dev/loop1 /dev/hda3
|
||||
losetup -e aes256 -S xxxxxx /dev/loop2 /dev/hda4
|
||||
mkswap /dev/loop1
|
||||
mke2fs -j /dev/loop2</screen>
|
||||
</para><para>
|
||||
Then create a script (S00swap) in the system startup directory
|
||||
(/etc/rcS.d/ under Debian):
|
||||
Then create a script in the system startup directory and update fstab:
|
||||
</para><para>
|
||||
<screen>#!/bin/sh
|
||||
<screen>cat > /etc/init.d/loop << "EOF"
|
||||
#!/bin/sh
|
||||
|
||||
echo "password chosen above" | \
|
||||
losetup -p 0 -e aes256 /dev/loop1 /dev/hda4
|
||||
swapon /dev/loop1</screen>
|
||||
if [ "`/usr/bin/md5sum /dev/hda1`" != \
|
||||
"5671cebdb3bed87c3b3c345f0101d016 /dev/hda1" ]
|
||||
then
|
||||
echo -n "WARNING! hda1 integrity verification FAILED - press enter."
|
||||
read
|
||||
fi
|
||||
|
||||
echo "1st password chosen above" | \
|
||||
/sbin/losetup -p 0 -e aes256 -S xxxxxx /dev/loop1 /dev/hda3
|
||||
|
||||
echo "2nd password chosen above" | \
|
||||
/sbin/losetup -p 0 -e aes256 -S xxxxxx /dev/loop2 /dev/hda4
|
||||
|
||||
/sbin/swapon /dev/loop1
|
||||
|
||||
for i in `seq 0 63`
|
||||
do
|
||||
echo -n -e "\33[10;10]\33[11;10]" > /dev/tty$i
|
||||
done
|
||||
|
||||
EOF
|
||||
|
||||
chmod 700 /etc/init.d/loop
|
||||
ln -s ../init.d/loop /etc/rcS.d/S00loop
|
||||
vi /etc/fstab
|
||||
...
|
||||
/dev/loop2 /home ext3 defaults 0 2</screen>
|
||||
</para>
|
||||
</sect1>
|
||||
|
||||
|
@ -442,9 +526,17 @@ swapon /dev/loop1</screen>
|
|||
The Encrypted Root Filesystem HOWTO was first written in november 2002 for the
|
||||
<ulink url="http://www.linuxfromscratch.org/lfs/news.html">Linux From Scratch</ulink>
|
||||
project. I'd like to thank the many people who have since helped me improve
|
||||
this howto (in reverse chronological order): Julien Perrot, Grant Stephenson,
|
||||
Cary W. Gilmer, James Howells, Pedro Baez, Josh Purinton, Jari Ruusu and
|
||||
Zibeli Aton.
|
||||
this document (in reverse chronological order): Luc Vo Van, Jacobus Brink,
|
||||
Ernesto Pérez Estévez, Matthew Ploessel, Mike Lorek, Lars Bungum, Michael
|
||||
Shields, Julien Perrot, Grant Stephenson, Cary W. Gilmer, James Howells,
|
||||
Pedro Baez, Josh Purinton, Jari Ruusu and Zibeli Aton.
|
||||
</para><para>
|
||||
This HOWTO has been translated in various languages:
|
||||
<itemizedlist>
|
||||
<listitem><para><ulink url="http://www.traduc.org/docs/HOWTO/lecture/Encrypted-Root-Filesystem-HOWTO.html">French</ulink></para></listitem>
|
||||
<listitem><para><ulink url="http://www.linux.it/~gaetano/erfs/">Italian</ulink></para></listitem>
|
||||
<listitem><para><ulink url="http://tldp.fsf.hu/HOWTO/Encrypted-Root-Filesystem-HOWTO-hu/">Hungarian</ulink></para></listitem>
|
||||
</itemizedlist>
|
||||
</para><para>
|
||||
Please send any comment to
|
||||
<ulink url="http://www.cr0.net:8040/about/">Christophe Devine</ulink>.
|
||||
|
|
|
@ -653,7 +653,7 @@ settings. </Para>
|
|||
Encrypted-Root-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Encrypted Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Dec 2003</CiteTitle>.
|
||||
<CiteTitle>Updated: Oct 2004</CiteTitle>.
|
||||
Explains how to make your personal
|
||||
data secure by encrypting your Linux root filesystem
|
||||
using strong cryptography. </Para>
|
||||
|
|
|
@ -1290,7 +1290,7 @@ participation by women. </Para>
|
|||
Encrypted-Root-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Encrypted Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Dec 2003</CiteTitle>.
|
||||
<CiteTitle>Updated: Oct 2004</CiteTitle>.
|
||||
Explains how to make your personal
|
||||
data secure by encrypting your Linux root filesystem
|
||||
using strong cryptography. </Para>
|
||||
|
|
|
@ -813,7 +813,7 @@ How to set up hardware RAID under Linux. </Para>
|
|||
Encrypted-Root-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Encrypted Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Dec 2003</CiteTitle>.
|
||||
<CiteTitle>Updated: Oct 2004</CiteTitle>.
|
||||
Explains how to make your personal
|
||||
data secure by encrypting your Linux root filesystem
|
||||
using strong cryptography. </Para>
|
||||
|
|
Loading…
Reference in New Issue