Entire disk encryption - Linux Forums

06-17-2009	#1 (permalink)
monday90 Just Joined! Join Date: Oct 2006 Location: United Kingdom Posts: 79	Entire disk encryption I'm trying to test the feasibility of an idea: I want to encrypt a laptop's hard drive in its entirety. I was planning on doing this by having /boot on a partition on a removable usb stick. As long as the host laptop supports booting of USB I see no reason why this wouldn't work. It is not the most elegant of solutions though. Are there any other suggestions on how I might achieve this? The only condition I have is that everything stored on the laptop hard drive must be encrypted. Many thanks. Monday.

06-17-2009

#2 (permalink)

ozar

Super Moderator

Join Date: May 2004

Posts: 12,058

I've never tried it myself but it appears that TrueCrypt will encrypt an entire hard drive:

TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux

Quote:

Encrypts an entire partition or storage device such as USB flash drive or hard drive.

Edit: Oops... looking at this a bit further it appears that it might not do what you want.

__________________
oz

New Members: * README *

Last edited by ozar; 06-17-2009 at 09:46 PM..

06-19-2009

#3 (permalink)

Rubberman

Linux Guru

Join Date: Apr 2009

Location: I can be found either 40 miles west of Chicago, or in a galaxy far, far away.

Posts: 2,662

Quote:

Originally Posted by ozar

I've never tried it myself but it appears that TrueCrypt will encrypt an entire hard drive:

Edit: Oops... looking at this a bit further it appears that it might not do what you want.

For full disk encryption from boot-loader to OS, it only supports Windows at this time. You can create a TrueCrypt volume which is mounted in the file system. I don't know what else the Linux version is capable of, such as encrypting a hard drive partition.

__________________
Sometimes, real fast is almost as good as real time.

06-21-2009	#4 (permalink)
Chronomatic Just Joined! Join Date: May 2008 Posts: 12	Forget about Truecrypt. Its major focus is on Windows and always has been. Look into dm-crypt/LUKS, which is the standard for Linux WDE. I am not sure what distro you are using, but if its one of the buntu's you can download the "alternate install cd" and follow the directions here: hxxp://oei.yungchin.nl/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/ (substitue http for hxxp). I used this method for my Kubuntu box and all of my partitions are encrypted (except for /boot which is not a concern anyway). If you're using Fedora, you can use dm-crypt/LUKS during install with a few simple clicks of the mouse. No matter what distro, just be sure to put your /boot partition on a USB stick and not on the drive itself (considering this is what you said you wanted). So, just make a provision for that. P.S. Putting /boot on a USB really is only more secure if you're concerned about someone physically compromising your /boot partition and putting a keylogger on it or something. Unless your computer will be used in a hostile environment, I don't see much benefit of a separate USB /boot partition. The encryption keys are not stored on the /boot partition anyway.

Posting Rules

You may not post new threads

You may not post replies

You may not post attachments

You may not edit your posts

BB code is On

Smilies are On

[IMG] code is On

HTML code is Off

Trackbacks are Off

Pingbacks are Off

Refbacks are Off

Are you a Linux Guru who is willing to share your in-depth Linux knowledge? Try our new Article submission system.