Re: Encrypting a partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I know this thread is aging a bit, but I thought I'd post some comments,
and link to an article I just put online:

  http://www.msquared.id.au/articles/cryptroot/

The article is titled "Encrypted root on Fedora & CentOS", and shows you
how to encrypt the entire hard drive.  I'll address resume issues and
other things below...


On Mon, Dec 24, 2007 at 11:04:05AM +0000, Luciano Rocha wrote:

> > I want to know how I can encrypt my /home partition which is inside a
> > Logical Volume to increase the security.

My article shows you how to encrypt the entire volume group.

> Then add it to /etc/crypttab:
> chome /dev/volgroup/home none

With my article, you don't need anything in crypttab (including keys or
other sensitive information).



On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote:

> Does encrypting swap interfere with hibernate or sleep mode on laptops?
> (Just asking in case I ever get sleep or hibernate working on my
> laptop.)

On Mon, Dec 24, 2007 at 05:43:10PM +0000, Luciano Rocha wrote:

> If you wish for a encrypted swap allowing suspend, you'll have to place
> a constant key in crypttab (which isn't secure, unless you also encrypt
> the root), and check if the resume scripts support that case or manually
> add it (not trivial).

If you encrypt the swap itself using a random key each boot, you will have
problems.  If you use a constant key in crypttab, then you don't have any
security unless the crypttab itself (or rather, the filesystem that
contains it) is also encrypted.

If you use the method used in my article above, you should be able to
hibernate and resume without any problems

I've tried and it worked for me, even with a dual-boot.  In fact, I was
able to sleep Windows and resume Linux and vice versa for a much faster
way to switch from Windows to Linux (and vice versa).  Of course, my
Windows partition isn't encrypted, but I don't use Windows as much.


Regards, Msquared...

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux