Hello, if I want to encrypt the whole disk during installation how do I add a /home? I see the guided feature allows for encryption but does not allow me to add the /home if I choose manual and add the /home is their still a way to do the whole disk encryption? Also later on it ask for a private encrypted folder, is this an option for another encrypted folder inside the encrypted disk?

On Ubuntu 8.10 there is an option to install encryption for home only and that section is unencrypted after login from gdm. If your just looking for encryption for your data.

You would have to use the alternate disk and manually configure your partitions.

1. So what you are saying is that I can still do the whole disk encryption by doing the manual partitions setting up a root, home,
and swap? The reason I ask is because I have only read about it setting up to encrypt a root and swap partition.

2. I know the alternate CD after you set up your partitions and everything offers you to set up a private encrypted folder. What exactly is this? Is it just an encrypted folder under root? How big is it? Any way to adjust the size of it?

The help is appreciated.

Well, it is a bit complex and a separate /home partition is going to be a bit of a challenge, especially if you are thinking you are going to share it across distros or preserve the data if you re-install.

By default when you use the alternate CD it will make a /boot partition and a second partition for use as a PV in a LVM.

Now you have many options on the alternate CD including making a separate /home as a LV in your LVM or a separate /home in a separate LVM and/or using encryption without LVM.

If you try to preserve your home partition, and your home partition is encrypted, I do not think you can do that directly with the Alternate CD (meaning you would install , ignore your encrypted /home, then you would have to boot a live CD and reconfigure your new OS to decrypt and mount your old encrypted /home). This process is further complicated by your possible use of LVM.

So, as you can see, it gets messy fast ...

IMO you are best NOT using a separate /home at all and instead (if you are using an encrypted system) back up /home (keep the back up encrypted) with any tool such as tar or rsync. You would then simply re-install and restore your data from back up.

This second strategy may not be what you are envisioning, but it is easier.

===============

In terms of the default option to use an encrypted home, I do not know the specific details but your entire home directory is encrypted. Your home directory is decrypted when you log in (GDM, but not if you ssh in).

When you ssh in you get this :


ufbt% ls -la
Access-Your-Private-Data.desktop README.txt
ufbt%

As you can see, there is nothing in your home.

The README.txt has instructions for decrypting your home


ufbt% cat README.txt
THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.

From the graphical desktop, click on:
"Access Your Private Data"

or

From the command line, run:
$ ecryptfs-mount-private

so, run ecryptfs-mount-private , enter your password, and home is not decrypted.

As to size and other specifications and / or moutning this encrypted home in a separate partition and re-installing I do not know.

HTH

http://www.howtoforge.com/encrypting-the-system-manually-upon-installation-ubuntu8.04