Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Entire System / Boot Sector Encryption

  1. #11
    Join Date
    Nov 2007
    Beans
    331
    Distro
    Ubuntu 12.04 Precise Pangolin

    Question Re: Entire System / Boot Sector Encryption

    Booting from thumbdrive is a delicious idea

    I will not try it this time around, one reason being that I might lose the thumbdrive.

    I need help with the installation though, because it is beyond me. Please help me out with the options I should pick.

    This is the set up. I have 2 hard disks, A) large, B) small.

    I want the / partition and /boot partition and swap space on the small drive B), and /home on the dedicated large hard disk A).

    I would definitely like A) encrypted. Maybe getting B) encrypted too would be useful - i don't know.

    I don't know what to select from the partition manager during installation - entire disk encryption lvm... that place.

    How do I ensure that my disk is encrypted and that I have the / /boot swap and /home in the right place?

    please help! Thank you

  2. #12
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Entire System / Boot Sector Encryption

    if you want to use the large disk as seperate /home then I would

    (1) unplug that large disk
    (2) fully encrypt the small one with the installer
    (3) afterwards seperately encrypt the large disk
    (4) manually add entry to crypttab and fstab for the large disk and make use of keyfiles that reside on the small disk

  3. #13

    Re: Entire System / Boot Sector Encryption

    Quote Originally Posted by yeehi View Post
    This is the set up. I have 2 hard disks, A) large, B) small.

    I want the / partition and /boot partition and swap space on the small drive B), and /home on the dedicated large hard disk A).

    I would definitely like A) encrypted. Maybe getting B) encrypted too would be useful - i don't know.
    You also want the swap space encrypted because it contains data you're working on, fragments of /home that is.
    As for encrypting /, that only makes sense if
    • you don't want people to know what software is installed (can't imagine, but oh well)
    • or you are somehow afraid people will fiddle with your executables (but then life becomes very complicated)
    • or you can't be bothered to make a distinction (that's what applies to me)


    I don't know what to select from the partition manager during installation - entire disk encryption lvm... that place.
    You'll want to do a manual partitioning, if you go with the guided option then everything ends up in one big encrypted logical volume.

    I have a walk-through of manual partitioning on my blog, which doesn't do exactly what you want to end up with, but at least you can see how the partitioning works there. You don't necessarily need LVM, you could also just have plain partitions encrypted if that's what you prefer.
    Last edited by Patsoe; April 28th, 2008 at 10:11 PM. Reason: fixed broken list formatting

  4. #14

    Re: Entire System / Boot Sector Encryption

    Quote Originally Posted by hyper_ch View Post
    if you want to use the large disk as seperate /home then I would

    (1) unplug that large disk
    (2) fully encrypt the small one with the installer
    (3) afterwards seperately encrypt the large disk
    (4) manually add entry to crypttab and fstab for the large disk and make use of keyfiles that reside on the small disk
    That sounds like a nice plan, otherwise you end up entering several passphrases at boot time. I think you can skip point (1) though unless you really get confused by multiple disks in your partitioning menu

  5. #15
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Entire System / Boot Sector Encryption

    Quote Originally Posted by Patsoe View Post
    (1) though unless you really get confused by multiple disks in your partitioning menu
    I accidentally formatted once the wrong disk... I only had two in there... a 60 GB and 120 GB and I did partition/format the 120 GB one although I knew it was the wrong one... I just was too confident and went ahead...

  6. #16

    Re: Entire System / Boot Sector Encryption

    Quote Originally Posted by hyper_ch View Post
    I accidentally formatted once the wrong disk... I only had two in there... a 60 GB and 120 GB and I did partition/format the 120 GB one although I knew it was the wrong one... I just was too confident and went ahead...
    Yeah, on second thought I wouldn't trust myself with that either...

  7. #17
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    7,933

    Re: Entire System / Boot Sector Encryption

    Note that there is not much point in encrypting /, /boot and /usr, since the information on those partitions is public knowledge anyway and all that encrypting those will do is make the machine a tiny little bit slower.

  8. #18

    Re: Entire System / Boot Sector Encryption

    Quote Originally Posted by HermanAB View Post
    Note that there is not much point in encrypting /, /boot and /usr, since the information on those partitions is public knowledge anyway and all that encrypting those will do is make the machine a tiny little bit slower.
    Generally I agree, but there's the scenario where you sometimes leave your laptop lying around (think student dorm) and don't want people messing with it. Everyone could boot in single user mode and replace some stuff in /bin to have a laugh... but not if everything below / is encrypted.

    (I'm not so paranoid that I'd care, but paranoid enough to come up with the idea... )

  9. #19
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,554
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Entire System / Boot Sector Encryption

    Anyone find an example of how to boot from a USB stick with the boot sector on it?

  10. #20
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Entire System / Boot Sector Encryption

    have a look at how to set your usb pen drive to boot with DSL. Basically you'll have to format it, put syslinux on it and then extract the dsl content to it.

    So I'd say it would go like this:

    (1) Format the drive to Fat32 (I think)
    (2) Put Sys Linux on it
    (3) Copy your /boot folder to the pendrive
    (4) Alter your bios to boot from the pendrive

    I will try it in the next couple of days.

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •