21.06.2006 Encrypting the Laptop for GUADEC

See: http://blogs.testbit.eu/timj/2006/06/21/21062006-encrypting-the-laptop-for-guadec/ (page moved)

Traveling with a laptop to a foreign country, waiting at airports, driving in cabs, etc. puts your data at certain risks, considering the number of laptop losses at public places. Now, most of the documents and code on my system is free software or not particularly private anyway, but unfortunately not all. Some work related documents and emails i’m carrying around are not allowed to be disclosed, and so i had to decide whether to identify each one of them and either encrypt or delete them individually (very unattractive to maintain for emails and an automatically sync-ed homedir), or encrypt the laptop harddisk as a whole.
I went for the latter, luckily newer Linux kernels (>= 2.6.4) are meant to provide the necessary mechanisms out of the box. And except for one nasty devfs issue, migrating my Debian sarge system to fully encrypted partitions went surprisingly well. It still took some time to figure the necessary bits involved, especially since initrd-tools requires devfs support which got removed from newer Linux kernels. So i’ve kept notes on the steps performed and put them up here: Debian Rootfs Encryption Notes, mkinitrd 1.201 nodevfs hack.

On other topics, make sure to not miss the EFF video The Corruptibles! provided as The Corruptibles! (Ogg/Theora) and in other formats.