LinuxQuestions.org - Encryption on Ubuntu Lucid after installation

- Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)

- - Encryption on Ubuntu Lucid after installation (https://www.linuxquestions.org/questions/linux-general-1/encryption-on-ubuntu-lucid-after-installation-821313/)

Encryption on Ubuntu Lucid after installation

I'm a relative newby to Linux so forgive me if this is a simple question.

I know that if you install Ubuntu using the alternate CD, you can create a whole disk encrypted installation, but what about after a normal installation? What is the best procedure to use to get more than just the home folder encryted?

Installation of Fedora 13 gives the option during a normal install to encrypt more than just the home folder.

I really only want to encrypt my Ubuntu partition. I have a laptop with a multi-boot setup with Windows 7, Fedora 13 and Ubuntu 10.04 all residing in their own partition. Because of this setup I really can't use whole disk encryption.

I use Truecrypt on my Windows 7 partition and it works great but encryption of a Linux system partition is not supported.

It is true that Truecrypt can be used on Linux but not for encryption of the entire Linux system partion.

I think it'll be difficult to do a "full" system encryption after the setup, because you'd probably need to wipe your existing partitions during the process. A home partition might well work, because you don't actually need it to run the system, but root parititon is then a whole other story..whatever way there is, I think it involves running the system a while from someplace else than the actual installation, which makes it more or less the same as if you'd just reinstall the system. Also, if you do reinstall, you don't have to think about gimmicks, just take backups, do the job and push the backups back in. Easier, safer and for all I know, faster too.

Remember that even if you do encrypt your "whole" system, you'll still have to leave a small portion unencrypted (so you can boot), and that's the weak point. At present, nothing you do will make the system inpenetrable, if you're even a little paranoid. Though if your biggest worries are younger-than-teen kids and their pranks, you're all right.

The easiest and quickest way is to use the alternate install cd. Create 2 partitions for Ubuntu, one for /boot and one as an luks container (encrypted partition). Use your luks container as a physical volume for LVM and create logical volumes for / (root), swap and /home, /tmp if you wish.

Then run through the install as normal. What your left with is everything except /boot encrypted, because there is only one container you only need one passphrase to boot the system. Even swap is encrypted so you can hibernate safely.