Hi all,
I am looking to encrypt a filesystem with a CentOS 6.4 install.
However I note that when using LUKS the system does not boot without prompting for the password encryption key.
I am looking for an drive/filesystem encryption solution which will allow reboots and shutdown/starts of the system so the system continues to function without prompting for a password.
Is there any disk encryption system which allows for this?
thanks,
Ll
Think about that. If the hard drive knows the secret needed to decrypt itself, so would anyone stealing that hard drive. It's like installing a steel security door then welding it open. What possible use would it be?
There has to be some sort of secret which a hacker can't get. If the computer can't get it from a human in person, it has to get it somewhere else, somewhere secure.
I've heard of schemes like keeping a security key on a USB thumb drive, so it will only boot with the USB drive plugged in. Of course, that's no use if someone steals the USB key too.
Plus, it's never secure enough:
Yes in theory I agree with you both. 
Lets just say that I am trying to meet compliance so that I can say the drive is encrypted, and get a check in the box.
So if there is a tool which can achieve the type of 'compliance' I am looking for, I would be interested in hearing about it.
If the encryption doesn't protect him, or he learns better after you sell it to him, he will be very upset. So I'd try the key on drive method then, to avoid misleading them.
As far as I can tell the USB drive would become the magic key that lets it boot. Without it, they need a password.