Ahmed Kamal wrote:
> Seems like I could use dm-crypt to do full disk encryption, with some
> hardware parameter (MAC, CPU s/n ... ) as the decryption key. That would
> prevent someone from mounting the disk, or even dd'ing it to a different
> machine. That's about exactly what I need.
> Not sure if dm-crypt supports getting decryption keys from hardware params
> though ...

If simply being unable to use the drive in another system is sufficient, you
might look into using a TPM (though the TPM drivers aren't in 5.1 and earlier...).

--
Jarod Wilson
jwilson@(protected)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list