hi all,
i was wondering if it is possible to encrypt /root and /home partitions. i know it is possible during fresh install but i have missed that chance already.
thnx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Check out: http://shappyhopper.co.uk/b2154/encryptedopensuse10.3.cgi
Good luck.
kartveli wrote:
| hi all,
|
| i was wondering if it is possible to encrypt /root and /home
| partitions. i know it is possible during fresh install but i have
| missed that chance already.
| thnx
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIWY4/3s42bA80+9kRAnlzAJ4yc2NuIiOQKkW3QcWn/M+8tj66/ACfehhr
NOfcFpIs+m5oJ8TwYybWbZE=
=oZB1
-----END PGP SIGNATURE-----
Hi,
Encryption is done after the install.
I have OpenSuSE 10.3 and followed this How to:
Encrypted Root File System - openSUSE
It takes some time if you wish to encrypt the entire disk and fill it with random data.
But the procedure is simple and effective.
Regards,
Pedro
As a note keep in mind this is encrypting the partition and not the data itself (mainly as a note for others thinking of doing this).
As soon as you have mounted your partition all data is accessible. Of course you will need to know the correct key to mount in the first place and this protects unwanted mounting as such.
If you are looking for specific file or directory encryption tools like TrueCrypt are a very nice addition.
Cheers,
Wj
Hi,
I always had that same question Magic31.
My laptop boots from a usb flash… just in case 
… some call this a complete histeria but it kind of helps me fall asleep better in case someone “grabs” my laptop.
Not because of the data itself but because they can get the hardwre but they will not get my software.
But my question is the following one, being the data written on disk randomized and (in principle) it is, say “impossible”, to mount the partition how can someone pick up the disk and reconstruct the sparse data inside into the original complete files ?
A lot of work … to say the least …
(A note: access files to confidential info like bank and web logins, IRS and the like I always keep under gpg … )
Regards,
Pedro
Hi,
I just want to make one last details clear … with no ambiguity.
In the mentioned link Encrypted Root File System - openSUSEthe encryption of the file system is made indeed after the install, but the /home partition is indeed written from scratch … so any data it contains is lost if there is no backup.
Regards,
Pedro
Hi,
Sorry for the annoyance of going back to old posts, but a friend just called me and his laptop had the partition encrypted just like mine. (I actually help him to install the machine).
The problem is that he made a normal SuSE up-date including the kernel and did not have a back usb flash of the /boot partition.
Like me he places the /boot on a flash usb dongle.
And his last up-date cleaned the grub /boot/grub/menu.lst file and also the initrd file changed the name according to the new kernel version, so I just told him to take a look at the previous boot grub parameters from menu.lst.
As he did not have any backup … ops …
Anyway a phone call was an easy fix.
Very important for anyone that boots from usb flash is to make a backup.
No only for the issue of lost usb flash dongle, but also to compare config files and backup-kernels in case something goes very wrong …
just put two usb flash on the pc.
Make fdisk -l in order to figure where is the original boot flash usb (say for example it is /dev/sdb1)
and them insert the backup flash usb (say for example /dev/sdc1)
umount both devices
and them:
dd if=/dev/sdb of=/dev/sdc
Regards,
Pedro
Good tip Pedro!
Thanks for adding this & it’s a nice way of adding an extra safety measure.
Cheers,
Wj
Hi,
This is also important for those who have the /boot partition on disk.
In a situation where we have an extra boot option with kernel parameters for example a new up-date can override this /boot/grub/menu.lst entry.
So the ideal is that -Before- the up-date anyone should make a backup of the boot system … so that it can be compared with the new kernel and setup installed after the up-date …
Important note: Not that I ever had major problems with SuSE … but this is a precautionary useful procedure …
Regards,
Pedro