# Mount security

## pgray

I am currently engaged in a project putting together a computer that will likely be sold to the general public. I am grappling with an issue at the moment, and since it will be running Gentoo, I was hoping someone here could help. The computer needs to be protected against someone with a LiveCD booting it and mounting the HDD (DRM/protected media will be present on the HDD). Of course standard procedures like locking the BIOS and turning off CD booting will be taken, but I am looking for something a little more severe. Is there some way to either encrypt the filesystem, or require the kernel/program that mounts it to be registered in some way? I was looking at dm-crypt in the 2.6.3-mm kernel, but I don't want the user to have to enter a password at each boot. This machine will be an HTPC, so it will likely be missing a keyboard and mouse most of the time. Is there any advice you can give me on how to make a partition completely unmountable unless it's from the intended kernel/distro/program? Ideally a solution to this problem would not involve processor-intensive encryption, but feel free to respond with solutions that do. Thank you.

pgray

----------

## liber!

You can encrypt the partitions:

http://www.frech.ch/howto/HOWTO/html_single/Cryptoloop-HOWTO/

And in the Documentation, Tips and Tricks, look at: "Howto gpg encrypt your root using udev,cryptsetup,dm-crypt"

I don't know how processor intensive it is...

They are two different techniques, and I don't have much experience with either of them, but I'm studying the subject.

Greets,

Nathan

----------

## evilben

I've seen motherboards that come with an encryption module for the hard drive, and require that one of the included USB keys be plugged in for the computer to boot. Couldn't find a link for one, though...

----------

