Results 1 to 6 of 6

Thread: Encryption

  1. #1
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Encryption

    Hi, i just wonder if you
    a) need or b) can encrypt you whole harddrive.

    Under Windows i used Truecrypt but i know read that under Linux you only
    can encrypt a partition but not in general the whole harddrive.
    I looked a little through the how-to's but the answers weren't
    sufficient to me.

    --

    Windows, supports nearly all software, hardware, and viruses.
    Linux Counter: 548299 https://linuxcounter.net/

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Encryption

    On 2012-02-05 18:45, JoergJaeger wrote:
    > Hi, i just wonder if you
    > a) need or b) can encrypt you whole harddrive.


    a) depends on your needs.
    b) yes...

    With software encryption you need at least /boot outside encryption. The
    hard disk firmware can also encrypt, but the support of this in Linux is
    unknown. You need the bios to put the password prompt. I have never seen
    this working. There is a bit of info in the smartctl manual. No, in hdparm(8).


    > Under Windows i used Truecrypt but i know read that under Linux you only
    > can encrypt a partition but not in general the whole harddrive.


    You need at least a minimal boot system to load the driver outside the
    encrypted part. If _all_ is encrypted you can not even read the boot code.
    There is always a bit outside, or bios support, or another disk.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  3. #3
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: Encryption

    On 05.02.2012 11:13, Carlos E. R. wrote:
    > On 2012-02-05 18:45, JoergJaeger wrote:
    >> Hi, i just wonder if you
    >> a) need or b) can encrypt you whole harddrive.

    >
    > a) depends on your needs.
    > b) yes...
    >
    > With software encryption you need at least /boot outside encryption. The
    > hard disk firmware can also encrypt, but the support of this in Linux is
    > unknown. You need the bios to put the password prompt. I have never seen
    > this working. There is a bit of info in the smartctl manual. No, in hdparm(8).
    >
    >
    >> Under Windows i used Truecrypt but i know read that under Linux you only
    >> can encrypt a partition but not in general the whole harddrive.

    >
    > You need at least a minimal boot system to load the driver outside the
    > encrypted part. If _all_ is encrypted you can not even read the boot code.
    > There is always a bit outside, or bios support, or another disk.
    >


    I am in luck then. I have a /boot partition
    Well, let me read into the hdparm. It sounds like that not a lot of
    people doing this. Is there any harm if i do this?

    The only reason i would like to do this is in case the computer gets
    stolen. Right now, if you know the password your in. Maybe even that is
    not needed if you boot from a cd.

    --

    Windows, supports nearly all software, hardware, and viruses.
    Linux Counter: 548299 https://linuxcounter.net/

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Encryption

    On 2012-02-05 20:23, JoergJaeger wrote:

    >
    > I am in luck then. I have a /boot partition
    > Well, let me read into the hdparm. It sounds like that not a lot of people
    > doing this. Is there any harm if i do this?


    You haven't yet read the manual, it says "yes" in big letters >:-)

    I'm waiting for somebody to test it and tell me ;-)

    > The only reason i would like to do this is in case the computer gets
    > stolen. Right now, if you know the password your in. Maybe even that is not
    > needed if you boot from a cd.


    Absolutely.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  5. #5
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: Encryption

    On 05.02.2012 12:13, Carlos E. R. wrote:
    > On 2012-02-05 20:23, JoergJaeger wrote:
    >
    >>
    >> I am in luck then. I have a /boot partition
    >> Well, let me read into the hdparm. It sounds like that not a lot of people
    >> doing this. Is there any harm if i do this?

    >
    > You haven't yet read the manual, it says "yes" in big letters>:-)
    >
    > I'm waiting for somebody to test it and tell me ;-)


    I am not that fast. I will....

    >
    >> The only reason i would like to do this is in case the computer gets
    >> stolen. Right now, if you know the password your in. Maybe even that is not
    >> needed if you boot from a cd.

    >
    > Absolutely.
    >


    Aha. So then we should have that just to be safe.

    --

    Windows, supports nearly all software, hardware, and viruses.
    Linux Counter: 548299 https://linuxcounter.net/

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,193
    Blog Entries
    3

    Default Re: Encryption

    Quote Originally Posted by JoergJaeger View Post
    I am in luck then. I have a /boot partition
    Yes, I am using encryption.

    I have a small "/boot" partition. And then I have an encrypted LVM for everything else that is openSUSE. The installer handles this correctly, providing you are willing to accept the partitioner defaults. The initial encryption/decryption is managed in the "initrd" so that it is setup fairly early in the boot cycle.

    Quote Originally Posted by JoergJaeger View Post
    The only reason i would like to do this is in case the computer gets stolen.
    Yes, that and safe end-of-life disposal of the disk are the main reasons for encryption.

    It works rather well. The cost of the crypto overhead seems surprisingly small in my experience.
    openSUSE Leap 15.1; KDE Plasma 5;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •