On 3/5/07, rayservers support <support@rayservers.com> wrote:
... If you are after strong security, you want to ensure, at a minimum, encrypted swap and /tmp as well.
agreed. full disk crypto with a tamper resistant pre-boot auth/loader is the only way to go... :)
... The cost of the time you will spend putting all the pieces of the puzzle together is likely to exceed the premium you would pay us for a secured notebook.
absolutely. i did a poor job pointing this out in my original post when i mentioned how much almost every distro out there sucks in the respect. good key management and an easy pre-installed FDE setup (with VMs! and even dual boot, etc!) is hard and well worth the cost of paying someone skilled at such things to do it for you...
We are aware of the cheap VIA notebooks
most of the distro builds of openssl, openssh, entropy daemon (if present), and other tools don't currently take advantage of padlock acceleration. this is one element that would be nice to see more collaboration on implementation (in any camp, bsd, linux, etc) my friend got his nc1500 today from a thurs morning order. it runs ubuntu edgy with a modified kernel and tools (see below) including loop-aes and padlock accel for fde, ipsec, openssl, openssh, openvpn, and entropy daemon for hw_random to /dev/random processing. best regards, the below part: if you'd like to help seed the c5/c7 dev tarball and iso torrents (and same for janusvm dev torrents with some new features to test) send me an email for early seeding of the torrents. thanks!