With OpenSUSE 11.0 coming out tomorrow, I wanted to know if it has a full drive encryption option like Fedora 9 and Ubuntu 8.04 have.
Appreciate any replies.
Thanks
Yes, it does have a full drive encryption. I’m using it since 11.0 ß1 or ß2, don’t know anymore - and it works fantastic.
Is that a laptop feature specifically?
Sounds good.
How difficult is it to setup? I have the RC1 LiveCD and I cannot see the option…
Are we talking about encrypting the drive OpenSUSE is installed on? And setting up the encryption at install time?
Anyone?
I world rather not replace my current distro if OpenSUSE 11.0 does not make it as simple as ubuntu or fedora to encrypt the full hdd at install time to protect the content of my laptop.
Well, it is that easy, you can set up encryption of the partition at installtime, or after it, if you wish, by manually activating it via the partitionmanager in the yast-controlcenter.
Everytime you start up, you have to enter the password. If you don’t do it (I believe after two minutes), the boot-process goes on, without mounting the partition/drive.
So the typical thing, if your /home is not the same like yesterday … remount your harddisk ;-), entering the correct password.
I think they want to do all the HDD not just home at install.
Now I can’t confirm or deny but with some googling I got here https://bugzilla.novell.com/show_bug.cgi?id=386426 This suggests yast doesn’t handle it but will do in the future.
Ubuntu has this at install-time
[Phoronix] Ubuntu 7.10 Supports Install-Time Encryption](http://www.phoronix.com/scan.php?page=article&item=873&num=1)
fedora has something similar at install-time.
Does opensuse 11 have it? I cannot see it in the livecd during installation.
Going on the bug report I think the answer is no you can’t do / without following the wiki article, yast doesn’t make it possible yet.
Oh well. Maybe something to look forward to in OpenSUSE 12.0?
Bulldust!
openSUSE supported encryption way before Ubuntu even knew what it was!
You can simply tick a box “encrypt” next to each partition you create/format.
I did this with openSUSE 10.3, and it works perfectly under 11 as well.
And yes from the installer on the liveCD.
For your swap and /tmp partitions, simply leave the password blank, and it erases it on each reboot.
Plus, plug in an encrypted volume via USB (while running the liveCD) and it simply asks for the password.
Something the Ubuntu 8.04 liveCD doesn’t do unless you install encryption support, after managing to get your wireless working of course.
mashcaster wrote:
> Ubuntu has this at install-time
> ‘[Phoronix] Ubuntu 7.10 Supports Install-Time Encryption’
> (http://www.phoronix.com/scan.php?page=article&item=873&num=1)
>
> fedora has something similar at install-time.
>
> Does opensuse 11 have it? I cannot see it in the livecd during
> installation.
>
>
You can encrypt the hard drive during install. Just edit the partitions
and check off the encrypt drive portion.
Not sure how to do that, I just downloaded the livecd gnome edition, and was not sure if I should select all the partitions to encrypt?
Or is this only possible in openSUSE 11.0 DVD?
I’ve just written another thread to a similar topic (openSUSE 11.0 install with already encrypted home - openSUSE Forums)
but I think I’m more likely to get an answer here:
is it possible to use an existing encrypted /home-partition during installation or do I have to embed it after installation manually
many thanks in advance 
- Do you enter ONE password for all partitions or is it one password each?
- Does hibernate work with that method? I had head you cannot use hibernation on encrypted swap, but rather leave /swap unencrypted and then use encrypted hibernation (note the difference).
Sorry, haven’t visited this thread in a while
- Do you enter ONE password for all partitions or is it one password each?
No idea sorry, since I only have the one (/home) encrypted. But when you leave a blank password, it never asks. All I can suggest is try playing with different combinations on a spare hard disk.
- Does hibernate work with that method?
Again, no idea because I have never had the urge or need to use Hibenate, and when I tried it once out of curiosity, it just crashed :).
Ah ok, you wrote your post like you actually had encrypted more than your /home partition.
So you don’t really know whether /root can be encrypted during encryption and whether it works, because you haven’t tried it, right?
I wanna use openSUSE on a laptop, so FULL encryption and hibernation is a must.
Ok, THIS posting has proven to be bulldust. Surely, you can encrypt home and root - but then you can’t boot into it.
I’ve been just through any possible procedure - it does not work. I’m very disappointed, especially since encrypting of root was supposed to be a new feature of 11.0.
I’ve tried normal install and LiveCD.
Normal Install doesn’t allow to encrypt root at all.
With the Live CD you can create an encrypted partition and try to install root into that partition, but it will not boot, even with a separated /boot partition.
Also, if at all, a LVM-based approach would make more sense in order to only have to enter ONE password.
I think this is a very basic and necessary feature for laptop users, where it’s possible to lose a lot of sensitive data together with your machine.
I thought this when I posted the bugzilla. Others felt the need to contradict it.
Though I’m intrigued if you read it, it does suggest something is there as to what exactly… I can only presume if / is already encrypted it may use it, but not using encrypted partions I have no incentive to try.
Though perhaps all they are really talking about is it is possible to do / the hard way. 