I know on windows that TrueCrypt can do full system encryption with a pre-boot security option, but i dont see a way to do it for linux :(

I also know that 8.04 has an "on install" kind of full system encryption. My question is can i do a full truecrypt windows style encryption on my already in place and very configured ubunutu install? I would hate to redo it all to install a fresh system, but i will if i have too.

Use the alternate CD and install with LUKS.

I know on windows that TrueCrypt can do full system encryption with a pre-boot security option, but i dont see a way to do it for linux :(

I also know that 8.04 has an "on install" kind of full system encryption. My question is can i do a full truecrypt windows style encryption on my already in place and very configured ubunutu install? I would hate to redo it all to install a fresh system, but i will if i have too.

Not directly. encrypting your installation is akin to formatting the partition.

You could migrate the installation, but that will take more time then backing up your data and performing a fresh install.

http://news.softpedia.com/news/Encrypted-Ubuntu-8-04-85271.shtml

I know on windows that TrueCrypt can do full system encryption with a pre-boot security option, but i dont see a way to do it for linux :(

LUKS
http://oei.yungchin.nl/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/

I'm thinking i'll just format it then....thanks guys

Ok so i went ahead and formatted with an encrypted lvm. My next question:

Is there a way to make the encryption pre-bootloader? Because i havent really tried yet but im betting grub can be manipulated or exploited to bypass it. Unless im wrong.

That is a potential problem. As of yet grub can not read a LVM or an encrypted partition directly, so most everything in /boot needs to be on an un-encrypted partition.

Most people solve this problem using a removable flash drive and putting /boot onto a removable device.

I know this makes me sound like a typical windows user, but thats too much work :)

Most people who get their hands on my laptop wont even know where to start. I almost wish i could setup a "go go gadget" style of self destruct if the password is wrong three times.

I know this makes me sound like a typical windows user, but thats too much work :)

Most people who get their hands on my laptop wont even know where to start. I almost wish i could setup a "go go gadget" style of self destruct if the password is wrong three times.

Well, that is your choice, and there is nothing wrong with that.

I agree with you, it is too much work. If somebody knows has physical access they can have /boot, my install is encrypted and that is sufficient for my needs as well.

There are far far easier ways to crack a system the installing a cracked kernel or messing with /boot and any cracker with physical access would almost certainly go one of those routes.

I figure if they actually manage to get they're hands on the computer or the drive, and they can actually get past the bios password, encryltion, and login screen then nothing i did was probably going to stop them anyhow.

It's not like i hold the secrets to area 51, but im a Bondsman and a Bounty Hunter so theres 14 years worth of people's sensitive personal data on here as well as my own.

One last question (i think). Is it possible to encrypt my external drive i just bought as well? Or is it easier to use something like truecrypt? I only plan to use it for backups and storage of some things.

It is easy to encrypt. You can use LUKS, ecryptfs, or truecrypt.

I suggest truecrypt (although I like LUKS also).

Awsome, i appreciate all the help.

Ok one more question about the external. Is there a way to have it where it simply pulls up a password prompt when u plug in the usb cable? Kinf o like how you hit the power button, and get a bios password prompt.

I may use truecrypt, but i would like my boss to be able to plug the drive in once in a while and just enter a password, because he is easily confused and teaching him truecrpyt might just be a pita