Find the answer to your Linux question:
Results 1 to 4 of 4
I'm trying to test the feasibility of an idea: I want to encrypt a laptop's hard drive in its entirety. I was planning on doing this by having /boot on ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! monday90's Avatar
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    82

    Entire disk encryption


    I'm trying to test the feasibility of an idea:

    I want to encrypt a laptop's hard drive in its entirety. I was planning on doing this by having /boot on a partition on a removable usb stick. As long as the host laptop supports booting of USB I see no reason why this wouldn't work. It is not the most elegant of solutions though. Are there any other suggestions on how I might achieve this? The only condition I have is that everything stored on the laptop hard drive must be encrypted.

    Many thanks.
    Monday.

  2. #2
    oz
    oz is offline
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    I've never tried it myself but it appears that TrueCrypt will encrypt an entire hard drive:

    TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux

    Encrypts an entire partition or storage device such as USB flash drive or hard drive.


    Edit: Oops... looking at this a bit further it appears that it might not do what you want.
    Last edited by oz; 06-17-2009 at 08:46 PM.
    oz

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
    Posts
    11,158
    Quote Originally Posted by ozar View Post
    I've never tried it myself but it appears that TrueCrypt will encrypt an entire hard drive:

    Edit: Oops... looking at this a bit further it appears that it might not do what you want.
    For full disk encryption from boot-loader to OS, it only supports Windows at this time. You can create a TrueCrypt volume which is mounted in the file system. I don't know what else the Linux version is capable of, such as encrypting a hard drive partition.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. #4
    Just Joined!
    Join Date
    May 2008
    Posts
    12
    Forget about Truecrypt. Its major focus is on Windows and always has been.

    Look into dm-crypt/LUKS, which is the standard for Linux WDE. I am not sure what distro you are using, but if its one of the buntu's you can download the "alternate install cd" and follow the directions here: hxxp://oei.yungchin.nl/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/ (substitue http for hxxp). I used this method for my Kubuntu box and all of my partitions are encrypted (except for /boot which is not a concern anyway).

    If you're using Fedora, you can use dm-crypt/LUKS during install with a few simple clicks of the mouse.

    No matter what distro, just be sure to put your /boot partition on a USB stick and not on the drive itself (considering this is what you said you wanted). So, just make a provision for that.

    P.S. Putting /boot on a USB really is only more secure if you're concerned about someone physically compromising your /boot partition and putting a keylogger on it or something. Unless your computer will be used in a hostile environment, I don't see much benefit of a separate USB /boot partition. The encryption keys are not stored on the /boot partition anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •