Secure Boot from USB drive
 

I'm trying to find a way to lock down my laptop as much as possible guarding against a scenario where it gets stolen and a smart linux savvy dude finds it. I want to be able to boot from a USB while I have my hard drive encrypted with DMcrypt or a proprietary drive that support full drive encryption. The challenge is how to "really" secure the boot process.

The best solutions I've come across are booting from external media (CD or USB drive). I couldn't find any in depth how-tos on setting up to boot from a USB to a secure file system. Any suggestions or points in the right direction would be great!

Backup your data - and reinstall ubuntu while the pendrive is plugged in.
One of the partitioning options is to use whole disk encryption, and put the /boot partition on the pendrive. Ubuntu installer does the rest.

However - unlike some proprietary offerings, you are quite safe just encrypting the root partition (seperate boot partition). /boot contains only static files and nothing in going to get written to this. you can just keep your keyring on the - ahem - key.

Bear in mind that it is very difficult to protect against someone with physical access to the machine.