I’m trying to set up a laptop which needs as much security and privacy as I can get. It turns out the main problem is that I want and need dual-boot: Windows XP Professional and Linux (Debian Etch). Now, Encrypting of all partitions used (except /boot of the Debian installation) is a must. Without dual-boot, this won’t be any problem, but not with the wish to dual-boot.
The Linux side isn’t a real problem, I simply use a dm-crypt’ed partition as the only “physical” volume in an LVM volume group, which contains three logical volumes: Swap, / and /home. This means I only need to enter my LUKS/dm-crypt password once during boot.
Shared partitions (shared between Windows and Linux) are also encrypted with dm-crypt/LUKS and decrypted by FreeOTFE (which is a really nice little OpenSource tool BTW), formatted as FAT32.
The Windows side on its own won’t be too much of a problem either, since BestCrypt, PGP Whole Disk Encryption as well as DriveCrypt PlusPack (this probably isn’t a complete list) allow encryption of the Windows boot partition, but at least the latter two need their pre-boot authentication part (which is needed to be able to decrypt the Windows boot partition) to be installed into the MBR.
Now, I wasn’t yet able to get Linux installed to the disk without breaking the Windows decryption. If anyone knows a program which allows encryption of the Windows boot partition and dual-booting into Linux, I would welcome a hint. Preferably, this solution should use grub as the primary boot manager.