The main reason for wanting to use whole HD encryption is that operating systems often litter unrelated parts of the hard drive with bits of applications' data - this could be temporary files, swap files, or just about anything really.

So in order to be totally safe, encrypt the whole HD.

It is true that you would need to have some of the HD unencrypted to store the decryption software - otherwise the bios would have a hard time booting.

But not very much - only just enough to get the system going.

Also, the performance argument is largely irrelevant - modern CPUs can do encryption much faster than modern hard drives can read / write data. There would of course be a performance hit - but not much.

I've run stuff from encrypted volumes before, and it isn't noticably slow.

Also, the OS itself would not be encrypted in RAM, only on disc. Once it's loaded, it would run at full speed.

I can't see any reason why it would not be feasible.

Ok, on Windows it would be a bit tricky, because the software manufacturer would have to write some low-level drivers for use during boot. Also they would have to persuade Windows to install on an encrypted drive. But otherwise it should ok.

On Linux it *should* be a walk in the park, just use an initrd (as Red Hat already do) - which would be unencrypted on a small /boot partition - and store the encryption software in there.

The password would be prompted for at boot time before anything very much loads, and would be retained and used for the entire session.

Slarty