On Sunday, 30 March 2008, ext Neil Bothwick wrote:
> On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:
>
> > I protect the root fs with a passphrase and all other volumes with a
> > keyfile stored in this fs. No need to mount anything (however, I _do_
> > need an initramfs because of this).
>
> That still means your keys are readable all the time,

By root only, chmod 400 is your friend.

> whereas mine
> disappear long before the network comes up.

So what? If somebody cracks into your box and gains root access, he can't
mount /boot and take the keys? You'll need SELinux to prevent this.

Bye...

Dirk
--
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net