LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to encrypt entire file system? (Fedora 11 64bit) (https://www.linuxquestions.org/questions/linux-security-4/how-to-encrypt-entire-file-system-fedora-11-64bit-739419/)

ESC201 07-11-2009 01:09 PM
How to encrypt entire file system? (Fedora 11 64bit)
 
Hi all, I recently installed Fedora 11 64bit and I am curious about encrypting my entire file system for security purposes.

I've been on Google for a while now and I keep finding info on how to encrypt a specific folder or home directories but nothing on the entire file system (or I'm missing something big here).

Is this possible? It's hard for me to imagine that it isn't. If so, do I need to encrypt the partition my file system is on before installing it? What software should I use? There seems to be so many, it's difficult to keep them all straight. Any help or a point in the right direction is awesome. Thanks! :)

colucix 07-11-2009 02:41 PM
Check the Red Hat documentation, here.

eco 07-11-2009 02:43 PM
No reply to your question yet so I'll attempt to answer.

The following is how ubuntu (amongst others I suspect) do it.

The boot partition is not encrypted so that the initrd file can be extracted with all the necessary modules needed to read the encrypted volume.

The second partition takes over the rest of your disk and has LVM installed so that you can have many partitions/swap. This way, you avoid getting a password prompt for each partition that it encrypted.

Whn you boot, a prompt apears for the passphrase, if successful, your tux will boot.

I'm sure something similar exists or can be made to work for Fedora... it is still a Linux after all. ;)

Hope this helped.

ESC201 07-12-2009 10:56 PM
I was wondering how I'm suppose to boot an encrypted system. Thank you for clearing that up for me eco.

colucix, from what I understand from the Red Hat documentation, to create any encrypted file system, I have to format the device I wish to encrypt first, correct? If so, to encrypt my system I must move everything under / to another drive, then encrypt the drive everything was on, and then copy everything back? I'm really kicking myself for not checking the little encrypt box when I was installing my system now. Live and learn I guess. :(

ESC201 07-17-2009 09:34 PM
Well, after many tries with the Red Hat documentation I found it much easier to just reinstall my system and let Anaconda set up the encryption for me.

Now that everything is working, I want to set it up so that I can use a usb flash drive as a key instead of having to enter a password each time I turn my system on. I've read many articles from searching on Google on this however they mostly deal with unlocking a non-system drive. Is there anyway to do this? Does anyone know of of a good guide? Thanks!

JulianTosh 07-25-2009 08:24 AM
Check this out..

http://binblog.wordpress.com/2008/12...ks-passphrase/


All times are GMT -5. The time now is 07:12 PM.