Results 1 to 9 of 9

Thread: Encrypting hardisk

  1. #1

    Default Encrypting hardisk

    hi all,

    i was wondering if it is possible to encrypt /root and /home partitions. i know it is possible during fresh install but i have missed that chance already.
    thnx

  2. #2
    ab@novell.com NNTP User

    Default Re: Encrypting hardisk

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Check out: http://shappyhopper.co.uk/b2154/encr...ensuse10.3.cgi

    Good luck.





    kartveli wrote:
    | hi all,
    |
    | i was wondering if it is possible to encrypt /root and /home
    | partitions. i know it is possible during fresh install but i have
    | missed that chance already.
    | thnx
    |
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIWY4/3s42bA80+9kRAnlzAJ4yc2NuIiOQKkW3QcWn/M+8tj66/ACfehhr
    NOfcFpIs+m5oJ8TwYybWbZE=
    =oZB1
    -----END PGP SIGNATURE-----

  3. #3
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    231

    Default Re: Encrypting hardisk

    Hi,

    Quote Originally Posted by kartveli View Post
    hi all,

    i was wondering if it is possible to encrypt /root and /home partitions. i know it is possible during fresh install but i have missed that chance already.
    thnx
    Encryption is done after the install.
    I have OpenSuSE 10.3 and followed this How to:

    Encrypted Root File System - openSUSE

    It takes some time if you wish to encrypt the entire disk and fill it with random data.
    But the procedure is simple and effective.

    Regards,
    Pedro

  4. #4
    Join Date
    Jun 2008
    Location
    The Netherlands
    Posts
    1,273

    Default Re: Encrypting hardisk

    As a note keep in mind this is encrypting the partition and not the data itself (mainly as a note for others thinking of doing this).

    As soon as you have mounted your partition all data is accessible. Of course you will need to know the correct key to mount in the first place and this protects unwanted mounting as such.

    If you are looking for specific file or directory encryption tools like TrueCrypt are a very nice addition.

    Cheers,
    Wj
    Have a lot of fun!

  5. #5
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    231

    Default Re: Encrypting hardisk

    Hi,

    I always had that same question Magic31.
    My laptop boots from a usb flash... just in case ... some call this a complete histeria but it kind of helps me fall asleep better in case someone "grabs" my laptop.
    Not because of the data itself but because they can get the hardwre but they will not get my software.
    But my question is the following one, being the data written on disk randomized and (in principle) it is, say "impossible", to mount the partition how can someone pick up the disk and reconstruct the sparse data inside into the original complete files ?
    A lot of work ... to say the least ...

    (A note: access files to confidential info like bank and web logins, IRS and the like I always keep under gpg ... )

    Regards,
    Pedro

  6. #6
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    231

    Default Re: Encrypting hardisk

    Hi,

    I just want to make one last details clear ... with no ambiguity.
    In the mentioned link Encrypted Root File System - openSUSEthe encryption of the file system is made indeed after the install, but the /home partition is indeed written from scratch ... so any data it contains is lost if there is no backup.


    Quote Originally Posted by kartveli View Post
    hi all,

    i was wondering if it is possible to encrypt /root and /home partitions. i know it is possible during fresh install but i have missed that chance already.
    thnx
    Regards,
    Pedro

  7. #7
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    231

    Default Re: Encrypting hardisk

    Hi,

    Sorry for the annoyance of going back to old posts, but a friend just called me and his laptop had the partition encrypted just like mine. (I actually help him to install the machine).
    The problem is that he made a normal SuSE up-date including the kernel and did not have a back usb flash of the /boot partition.
    Like me he places the /boot on a flash usb dongle.
    And his last up-date cleaned the grub /boot/grub/menu.lst file and also the initrd file changed the name according to the new kernel version, so I just told him to take a look at the previous boot grub parameters from menu.lst.

    As he did not have any backup ... ops ...
    Anyway a phone call was an easy fix.

    Very important for anyone that boots from usb flash is to make a backup.
    No only for the issue of lost usb flash dongle, but also to compare config files and backup-kernels in case something goes very wrong ...

    just put two usb flash on the pc.

    Make fdisk -l in order to figure where is the original boot flash usb (say for example it is /dev/sdb1)

    and them insert the backup flash usb (say for example /dev/sdc1)

    umount both devices


    and them:

    dd if=/dev/sdb of=/dev/sdc


    Regards,
    Pedro

  8. #8
    Join Date
    Jun 2008
    Location
    The Netherlands
    Posts
    1,273

    Default Re: Encrypting hardisk

    Good tip Pedro!

    Thanks for adding this & it's a nice way of adding an extra safety measure.

    Cheers,
    Wj
    Have a lot of fun!

  9. #9
    Join Date
    Jun 2008
    Location
    Portugal
    Posts
    231

    Default Re: Encrypting hardisk

    Hi,

    This is also important for those who have the /boot partition on disk.
    In a situation where we have an extra boot option with kernel parameters for example a new up-date can override this /boot/grub/menu.lst entry.
    So the ideal is that -Before- the up-date anyone should make a backup of the boot system ... so that it can be compared with the new kernel and setup installed after the up-date ...

    Important note: Not that I ever had major problems with SuSE ... but this is a precautionary useful procedure ..

    Regards,
    Pedro

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •