I’m trying out encryption for the first time and reading all the documentation I can find.
I am using a fairly generic partitioning scheme that includes a Windows 7 partition and an extended partition to house my swap, root and home partitions.
```
d830:~ # fdisk -l

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00098b6c

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048   314574847   157286400    7  HPFS/NTFS/exFAT
/dev/sda2   *   314574848   976773119   331099136    f  W95 Ext'd (LBA)
/dev/sda5       314576896   322971647     4197376   82  Linux swap / Solaris
/dev/sda6       322973696   406861823    41944064   83  Linux
/dev/sda7       406863872   976736255   284936192   83  Linux

Disk /dev/mapper/cr_home: 291.8 GB, 291772563456 bytes
255 heads, 63 sectors/track, 35472 cylinders, total 569868288 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```
I’ve read the following docs and portions:
- SDB:Encrypted root file system - openSUSE

  “Encrypting the root file system, as well as the home, tmp and other partitions is now fully supported in the Opensuse graphical installer. On already installed systems it can be done through the ‘Partitioner’ program in YAST.”
  - Does that statement only refer to LVM managed file systems because I couldn’t encrypt the root partition - it gave an error? I’ve encrypted my /home to start with and not /var, /tmp or swap because I read this after I installed.
- openSUSE 12.2: Chapter 10. Encrypting Partitions and Files - 10.2 Encrypted Home Directories
  - I don’t see the “file container” in my /home partition or the YaST partitioner… I was thinking this could be used as the key for /tmp, /var and swap. I don’t want to have multiple passwords/keys. Does /home even use a file container for its encryption?

    ```
    d830:~ # l /home
    total 28
    drwxr-xr-x  4 root     root   4096 Sep 11 14:32 ./
    drwxr-xr-x 24 root     root   4096 Sep 14 11:25 ../
    drwx------  2 root     root  16384 Sep 11 20:59 lost+found/
    drwxr-xr-x 36 saultdon users  4096 Sep 14 11:45 saultdon/
    ```
- [openSUSE 12.2: Chapter 10. Encrypting Partitions and Files - 10.1.2 Creating an Encrypted Partition on a Running System](http://doc.opensuse.org/documentation/html/openSUSE/opensuse-security/cha.security.cryptofs.html#sec.security.cryptofs.y2.part_run)
  - There isn't anything here to actually tell me how to do this. I understand that I can enable encryption on the partitions /tmp, /var and swap but that this will re-format them. Can I do that while the system is actually "running" or do I have to boot from a live disk to format them? I thought I didn't have to re-format the swap? But will this also require me to have three passwords at login even if I apply the same password to all of them that matched the encrypted home?
- [Using Luks encrypted partitions in linux](http://nwrickert2.wordpress.com/2012/05/03/using-luks-encrypted-partitions-in-linux/) seems like a good article and is trying to accomplish something similar to what I want to do.
  - Is it safe to manually add the required entries into /etc/crypttab, comment out the /etc/fstab entries and reboot, or do I really have to decrypt them then format like it's suggested?
  - Can I just add an entry for "/" in /etc/crypttab to finally encrypt root as it's not allowed during installation phase?
Basically, at this point, **I have /home encrypted and want to share that encryption key with the other partitions like swap, /var and /tmp** as suggested in the docs. Encrypting /root would be a plus, but for now if I can learn how to at least extend it to the others, that would be a start. I would like to just use YaST partitioner and enable encryption on /var, /tmp and also swap with matching passwords. But I'm thinking that this will have me entering 4 passwords at boot, even though they all match for /home, /var, /tmp and swap.
I am totally new to encryption and still wrapping my head around the concepts and how it runs on the openSUSE platform. Any other information I can provide, or any help clarifying my understanding, is greatly appreciated.
Here is a picture of my current setup under YaST partitioner and nothing is under 'crypt files':

![YaST Partitioner setup](https://lh5.googleusercontent.com/-TNaNoVi7b5M/UFI2YmAgdUI/AAAAAAAAAiI/ZJIzD7-M8Nw/s800/YaST-Partitioner-Setup.png)