Results 1 to 4 of 4
Thread: Entire disk encryption
Enjoy an ad free experience by logging in. Not a member yet? Register.
Entire disk encryption
I want to encrypt a laptop's hard drive in its entirety. I was planning on doing this by having /boot on a partition on a removable usb stick. As long as the host laptop supports booting of USB I see no reason why this wouldn't work. It is not the most elegant of solutions though. Are there any other suggestions on how I might achieve this? The only condition I have is that everything stored on the laptop hard drive must be encrypted.
- Join Date
- May 2004
- arch linux
I've never tried it myself but it appears that TrueCrypt will encrypt an entire hard drive:
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Edit: Oops... looking at this a bit further it appears that it might not do what you want.
Last edited by oz; 06-17-2009 at 08:46 PM.oz
Sometimes, real fast is almost as good as real time.
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
Just remember, Semper Gumbi - always be flexible!
- Join Date
- May 2008
Forget about Truecrypt. Its major focus is on Windows and always has been.
Look into dm-crypt/LUKS, which is the standard for Linux WDE. I am not sure what distro you are using, but if its one of the buntu's you can download the "alternate install cd" and follow the directions here: hxxp://oei.yungchin.nl/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/ (substitue http for hxxp). I used this method for my Kubuntu box and all of my partitions are encrypted (except for /boot which is not a concern anyway).
If you're using Fedora, you can use dm-crypt/LUKS during install with a few simple clicks of the mouse.
No matter what distro, just be sure to put your /boot partition on a USB stick and not on the drive itself (considering this is what you said you wanted). So, just make a provision for that.
P.S. Putting /boot on a USB really is only more secure if you're concerned about someone physically compromising your /boot partition and putting a keylogger on it or something. Unless your computer will be used in a hostile environment, I don't see much benefit of a separate USB /boot partition. The encryption keys are not stored on the /boot partition anyway.