
As a long-time user of full disk encryption (excepting /boot) with Linux on all my production / work machines, I am wondering if the boot-132 method (http://forum.insanelymac.com/index.php?showtopic=113288) can be adapted to do something like this:

 

1. You remove the laptop hard drive and connect it using a USB enclosure.

2. Using a Linux machine, you set up two partitions on this drive, /boot and /sda2_crypt (LUKS encrypted) which is an LVM container which will house the Mac install.

3. Install a small Linux bootloader on /boot and use it to decrypt the disk and initiate the Mac boot/install (like boot-132 does now).

 

I do not think that LVM requires the containers to be any particular filesystem - so it can be HFS+.

 

I know lots of you are wondering - why do this? The reason is simple - security, privacy and reliability. Security - you need full disk encryption. Privacy - you cannot really trust anything closed source for something as critical as this (LUKS is open source - so no back doors). Reliability - since LUKS is heavily battle-tested (especially with ESSIV), I personally do not trust any other scheme. TrueCrypt for Mac does NOT offer full disk encryption.

 

Any ideas how this might be done?
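
The post relies on the container from step 2 being LUKS with an ESSIV IV mode. As an added example that is not part of the original post, this Python sketch parses the fixed LUKS1 header layout (the first 208 bytes of the encrypted partition) and reports whether the cipher mode uses ESSIV. The sample header is constructed in the code, and the function names are this example's own.

```python
import struct

# LUKS1 on-disk header prefix (big-endian), before the 8 key slots: 208 bytes.
LUKS1_FMT = ">6sH32s32s32sII20s32sI40s"
LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512  # LUKS1 payload offset is counted in 512-byte sectors


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return the cipher settings from the first bytes of a LUKS1 partition."""
    size = struct.calcsize(LUKS1_FMT)
    if len(blob) < size:
        raise ValueError("short read: need %d bytes" % size)
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = struct.unpack(LUKS1_FMT, blob[:size])
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS container")
    if version != 1:
        raise ValueError("LUKS version %d: not the LUKS1 layout" % version)
    return {
        "cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hash_spec),
        "key_bits": key_bytes * 8, "payload_offset_bytes": payload_off * SECTOR,
        "uuid": _cstr(uuid),
    }


def uses_essiv(header):
    """True when the IV generator in the mode (e.g. cbc-essiv:sha256) is ESSIV."""
    _, _, iv = header["mode"].partition("-")
    return iv.split(":", 1)[0] == "essiv"


def build_sample_header(mode):
    """Constructed sample header for demonstration; not read from a real disk."""
    return struct.pack(LUKS1_FMT, LUKS_MAGIC, 1, b"aes", mode.encode(), b"sha1",
                       4096, 32, b"\x00" * 20, b"\x00" * 32, 1000,
                       b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    for m in ("cbc-essiv:sha256", "cbc-plain"):
        hdr = parse_luks1_header(build_sample_header(m))
        verdict = "ESSIV" if uses_essiv(hdr) else "NOT ESSIV"
        print(hdr["cipher"], hdr["mode"], hdr["key_bits"], verdict)
```

Against a real disk, pass the first 208 bytes read from the encrypted partition to `parse_luks1_header`; a LUKS2 container is rejected because its header uses a different layout.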
