"sanitizing" disks: wiping swap, non-allocated space, and file-tails
David Kreil
kreil at ebi.ac.uk
Sat Jul 17 17:16:29 PDT 2004
Dear Jan,
Thank you very much for your comments!
> > I wonder, in particular, how "system" directories like /var would be
> > kept on a gbde partition.
>
> Much like any other, but the major issue is that, unlike /tmp/ and swap
> (which can be wiped clean when a machine boots with no ill effects),
> other partitions need to persist. That means you need to do one of two
> things:
> 1. Be available when the machine boots to enter the keys to mount the
> persistent partitions; or
That's fine, that's what I consider a secure solution.
> 2. Store those keys somewhere so the machine can do it for you.
> If you choose (2) then you might as well not use an encrypted partition;
Yes :-)
So at what stage of boot-up and how do I make the volumes available, prompting for the necessary passphrase? Does not the boot process write into /var/log/* from the very beginning?
With many thanks again for your help
and best regards,
David.
------------------------------------------------------------------------
Dr David Philip Kreil
Research Fellow
University of Cambridge
++44 1223 764107, fax 333992
www.inference.phy.cam.ac.uk/dpk20