[ltp] Suspend with crypted swap?

[Richard]

> I am all for encrypted swap (and suspending to it). But to me it makes no 
> sense to encrypt /, or /var or anything else except:
>
> * /home
> * /tmp
> * swap
>
> ... because none of the information in / is really a secret, except the 
> aforementioned partitions. There is of course stuff like /etc/shadow and 
> /etc/wpa_supplicant.conf (but it can be moved to an encrypted partition), but 
> other than that, what is in cleartext in / that is NOT located on the 
> partitions above?

Hmm - I'd suggest you encrypt /var.  For example, /var/spool/mail, 
/var/lib/pgsql (postgres) etc. I agree that it's a waste of time (and 
performance) to encrypt most of /, and definitely things like /bin, /sbin 
and /usr can be left in cleartext.


Once you get everything sorted, please do put a summary on the web (and 
post here) - it would be interesting to read, and would make a useful 
addition to eg thinkwiki.org

Regards,

Richard



P.S. If you have a firewire port (or pcmcia slot which might allow one to 
be hotplugged), then don't leave your machine unattended while in 
suspend-to-ram mode. Firewire devices can, by default, snoop on the host's 
RAM. (this is a great feature for debugging a kernel panic; not so great 
if you want to keep your machine's RAM secure if it's stolen while 
suspended). There are config options to change this; google for more.