Thread: [Announce] SMScon (control your device with SMS)
Estel
2012-06-07, 17:24
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#1184
zimob, encrypting the whole /home/user is an extremely bad idea. You do *not* want to be in need of a FIASCO reflash after doing so.
The proper way is to have a dedicated partition encrypted via truecrypt, files moved there, and symlinked.
yablacky, You described it correctly - the one and only benefit of the device lock code re truecrypt is that it makes the device unusable until at least 1 reboot (either, if the lock code on boot isn't asked - device locked manually - or, to reflash, which, obviously, requires a reboot).
Rebooting makes already mounted TC partitions unmounted, so no access to them without password and/or keyfiles.
---
The ideal solution would be to, indeed, have some kind of "lock code" replacement that, upon failing, results in unconditional unmounting of all TC partitions. This can be tricky, as files on mounted TC partitions are - typically - in use (by messaging, contacts, etc), and I've observed - many times - that even forcing unmount doesn't work. A workaround would be to reboot unconditionally upon failing to "unlock", but it would be very irritating in case of accidental mistakes.
Of course, there is also the dilemma of how to *not* "scare" the thief - yablacky perfectly described it; we need a solution that makes the phone pretend to be in a usable state.
It requires some thinking, as - for example - messages, contacts, etc, stored on the truecrypt partition and symlinked, behave in a weird way when they don't have access to the TC partition - basically, it "seems" to work, but doesn't save changes, etc. Such oddities could make the thief / new "owner" reflash anyway, getting rid of SMSCON in the process.
---
I'm sure it's achievable, but it would require a smart programmer (yablacky, I'm looking at You) coming up with ideas to overcome the problems mentioned above, and, of course, implementing those ideas.
/Estel
// Edit
For example, the problem with usual things like messaging, contacts, etc, being symlinked to the truecrypt part, yet not having access to it (when the new "owner" uses the device) - it would require quite complicated logic to re-create symlinks pointing to a "disposable" (i.e., worthless for the true owner) location, that gets deleted (and truecrypt symlinks recreated) as soon as the proper encrypted partition is accessible again.
It sounds like a PITA, but, in reality, would require a few relatively simple (yet well-tested) sh scripts. Or does anyone have a better idea?
Last edited by Estel; 2012-06-08 at 20:31.
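The symlink swap described in the post's edit, sketched in sh. This is an added example, not code from the post or from SMSCON; the marker file name `.tc_marker`, the function names and every path passed in are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: a marker file stored inside the encrypted
# volume (.tc_marker) is visible under the mount point only while the
# volume is mounted.
tc_accessible() {
    [ -f "$1/.tc_marker" ]
}

# swap_links TC_MOUNT DECOY_DIR LINK...
# Points each LINK at TC_MOUNT/<name> when the volume is accessible,
# otherwise at a freshly created DECOY_DIR/<name>.
# Prints "real" or "decoy" to report where the links now point.
swap_links() {
    [ "$#" -ge 3 ] || return 2
    tc_mount=$1; decoy=$2; shift 2
    if tc_accessible "$tc_mount"; then mode=real; else mode=decoy; fi
    for link in "$@"; do
        name=$(basename "$link")
        # Only ever replace a symlink (or nothing); real data is left alone.
        if [ -e "$link" ] && [ ! -L "$link" ]; then
            echo "refusing to replace non-symlink: $link" >&2
            return 1
        fi
        if [ "$mode" = real ]; then
            target="$tc_mount/$name"
        else
            target="$decoy/$name"
            mkdir -p "$target"   # writable stand-in so apps can save changes
        fi
        # -n: replace the link itself instead of descending into its target
        ln -sfn "$target" "$link"
    done
    # Disposable data is deleted once the real volume is reachable again.
    if [ "$mode" = real ]; then rm -rf "$decoy"; fi
    echo "$mode"
}
```

Applications that hold files open through the old link keep using the old target until they are restarted, which is the in-use problem the post mentions for forced unmounts.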