easy way to get a password-secured hdd in opensuse 13.2

dear community,

i am looking for an easy way to get a password-secured hdd in opensuse 13.2

which methods, tools or options are suitable?

look forward to hear from you

On Wed, 10 Jun 2015 01:26:01 +0000, dilbertone wrote:

> dear community,
>
> i am looking for an easy way to get a password-secured hdd in opensuse
> 13.2
>
> which methods, tools or options are suitable?
>
> look forward to hear from you

Depends on what you’re looking for. “password-secured” can mean
“bootloader password” or it could mean full disk encryption. Without
knowing your goals, we can’t really advise.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

I use an encrypted LVM. The LVM contains the root file system, the “/home” file system and swap, so those are all encrypted. There is a separate “/boot” which is not encrypted, but there isn’t anything particularly sensitive in “/boot”.

I’m not sure if that’s what you want. It is possible to set that up in the installer.

On 2015-06-10 06:14, Jim Henderson wrote:
> On Wed, 10 Jun 2015 01:26:01 +0000, dilbertone wrote:

>> i am looking for an easy way to get a password-secured hdd in opensuse
>> 13.2
>>
>> which methods, tools or options are suitable?

> Depends on what you’re looking for. “password-secured” can mean
> “bootloader password” or it could mean full disk encryption. Without
> knowing your goals, we can’t really advise.

It can also mean disk firmware encryption, which works transparently and
fast. See hdparm(8), ATA Security Feature Set - that’s about all I know.

I have never figured out how to use this. The password prompt must
appear before anything, including grub, including MBR, loads. IE, it
must be done by the BIOS.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Carlos E. R. donned his tin foil hat and penned:

> On 2015-06-10 06:14, Jim Henderson wrote:
>> On Wed, 10 Jun 2015 01:26:01 +0000, dilbertone wrote:
>
>>> i am looking for an easy way to get a password-secured hdd in opensuse
>>> 13.2
>>>
>>> which methods, tools or options are suitable?
>
>> Depends on what you’re looking for. “password-secured” can mean
>> “bootloader password” or it could mean full disk encryption. Without
>> knowing your goals, we can’t really advise.
>
> It can also mean disk firmware encryption, which works transparently and
> fast. See hdparm(8), ATA Security Feature Set - that’s about all I know.
>
> I have never figured out how to use this. The password prompt must
> appear before anything, including grub, including MBR, loads. IE, it
> must be done by the BIOS.
>

It all depends, here I can in the BIOS password the drive and encrypt then
also password the drive from
the drive interface itself.

Then encrypt the home also the root.

How deep do you want to go???

If you have something that important to hide then do not put it on your
internal drive, simples.

:slight_smile:

Mark
Nullus in verba
Caveat emptor
Nil illigitimi carborundum

good day dear baskitcaise hello dear Robin, hello dear Jim,

many many thanks for the replies.

well i tink that one way would be the LVM way - as far as i know this can be done during the installation and configuration.
It cannot be added afterwards - i.e. after the installation was done…

The disk-firmware encryption might be another solution:

> It can also mean disk firmware encryption, which works transparently and
> fast. See hdparm(8), ATA Security Feature Set - that’s about all I know.
>

well i have to make up my mind - if there is a quick and easy way - that would be very nice!

:wink:

probably the LUKS way is one of the most important here. - to mention…

LUKS - Linux Unified Key Setup
cf. https://wiki.ubuntuusers.de/LUKS

it can be done with / during the installation - but i guess that this also can be added after installation !?

On 2015-07-14 17:16, dilbertone wrote:
>
> probably the LUKS way is one of the most important here. - to mention…
>
>
> LUKS - Linux Unified Key Setup
> cf. https://wiki.ubuntuusers.de/LUKS
>
> it can be done with / during the installation - but i guess that this
> also can be added after installation !?

No.

Short answer :slight_smile:

The long answer would be too long. It would be quite difficult to do.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

If you want the root file system to be encrypted, then that’s best done by reinstalling.

If you only want “/home” and swap encrypted, you can do that after install but you will lose all data on “/home” unless you backup first and restore later. And, even then, you need to know enough about linux to update “/etc/fstab” and probably to rebuild the “initrd” if you encrypt swap. For an inexperienced user, encrypting during install is probably easier.

hello dear Carlos & Jim

For an inexperienced user, encrypting during install is probably easier.

i think so - you can choose the option LVM and go the LURKS way after that

Note: i have a new notebook - without any data on it. So i can do a fresh install.

no problem here.
For me -as an inexperienced user, encrypting during install is much easier.