Re: retrofitting LUKS encryption on installed system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Fred Smith wrote:

On Fri, Jun 28, 2013 at 05:21:34PM +0200, J.Witvliet@xxxxxxxxx wrote:

-----Original Message-----
From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Fred Smith
Sent: Friday, June 28, 2013 3:42 PM
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: retrofitting LUKS encryption on installed system

I've got a F19 installation that I'd like to turn into a fully encrypted
system with LUKS.

There are many howtos on the web for encrypting a partition, but they
all show doing it to /home.
-----Original Message-----

No, just re-install.
One partition with /boot and another with an encrypted volume-group, holding /, swap and the rest.

But before embarking on that trip, do you really need full disk encryption?
I mean, the content of /usr is on any fedora-cd ;-) And when up-and-running, everything is unlocked.

The only valid reason I can think about, is that other people have physically access to your machine and could get root-access by booting from cd/dvd, and might alter your system.


Well, I have employer VPN information, ssh keys allowing me to ssh into
my own home system, and sometimes customer's VPN (and possibly other)
information on it too, so for all those reasons it has seemed like encrypting
the whole thing would make sense.
Before you move heaven and earth to encrypt everything, is the data small and all in one directory? Sounds like it, you could use the encfs FUSE module to have just the one directory encrypted. That has a provision to unmount if the directory is unused for a time, which addresses "when up-and-running, everything is unlocked" you mentioned. A few minutes after you give the password, if you don't use the data it unmounts. 


Fred




--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux