Author Topic: Linux GUI full disk encryption including /boot  (Read 6285 times)

0 Members and 1 Guest are viewing this topic.

Offline postcd

  • Jr. Member
  • **
  • Posts: 37
  • Karma: 0
  • Gender: Male
  • just curious
    • View Profile
    • Awards
Linux GUI full disk encryption including /boot
« on: October 24, 2014, 05:43:01 pm »
Hello,

im using Windows OS and i wish to switch to Linux with GUI, i dont have any distribution in mind (i know Ubuntu has huge community, so maybe xubuntu). Before i do the Win/Linux switch, i want to ask for a link to tutorial or advice regarding HDD encryption.

Im looking for quick & secure way to encrypt whole filesystem (including /boot) so i have peace of mind that nobody will read any data. I also want easy of use, im linux noob in command line so i prefer GUI tool. Can you please give an advice on solution?
no general writing in my threads please, only helpfull ontopic please

Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18255
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Linux GUI full disk encryption including /boot
« Reply #1 on: October 24, 2014, 05:51:39 pm »
How about this:

Manual full disk encryption setup guide for Ubuntu 13.10 & Linux Mint 16
(should still apply to [XLK]Ubuntu 14.04 / Mint 17 / Peppermint 5)

Page 1
http://www.linuxbsdos.com/2014/01/16/manual-full-disk-encryption-setup-guide-for-ubuntu-13-10-linux-mint-16/
Page 2
http://www.linuxbsdos.com/2014/01/16/manual-full-disk-encryption-setup-guide-for-ubuntu-13-10-linux-mint-16/2/

[EDIT]

According to this:
http://askubuntu.com/questions/465600/xubuntu-14-04-full-disk-encryption-and-lvm-during-installation
the 14.04 installer offers encryption as part of the installation routine.
« Last Edit: October 24, 2014, 05:56:53 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline postcd

  • Jr. Member
  • **
  • Posts: 37
  • Karma: 0
  • Gender: Male
  • just curious
    • View Profile
    • Awards
Re: Linux GUI full disk encryption including /boot
« Reply #2 on: October 25, 2014, 01:01:52 pm »
Thank You, as per this article i have an impression that all disk encryptions (including yours linked) where /boot stays unencrypted & stored at same computer is vulnerable. So any way how to bypass that mentioned hack and still not carrying an removable device with /boot partition please?
no general writing in my threads please, only helpfull ontopic please

Offline Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18255
  • Karma: 476
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Linux GUI full disk encryption including /boot
« Reply #3 on: October 25, 2014, 01:36:06 pm »
There is no way (with any OS) to fully encrypt a whole disk against someone with local access and still have it bootable (and that article explains why), but then why encrypt everything anyway .. an encrypted home and swap partitions should be enough (who cares if they can access the system files as long as your home partition with your docs are encrypted and require a password to access), with enough work they'll end up with a bootable OS but still can't unlock your home.

Personally I just prefer having an encrypted folder (EncFS) that requires a password to decrypt/mount:
http://linuxforums.org.uk/index.php?topic=11073.0

There's nothing stopping you layering these things .. full disk encryption, with a separate encrypted home, with an encrypted folder .. but at the end of the day, ALL encryption (including carrying /boot on a USB stick) is only about making access as DIFFICULT as possible .. it will never be 100% proof against a determined attacker with local access and enough time ;)
« Last Edit: October 25, 2014, 01:50:32 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

 


SimplePortal 2.3.3 © 2008-2010, SimplePortal