Disk encryption and installing new versions of Fedora

Thu Jan 10 15:26:31 UTC 2008

On Mon, Dec 31, 2007 at 09:09:30PM +0000, Mike wrote:

> From the other reply to your post it seems that some have got disk
> encryption to work - but it can be hard work by the sound of it.

I wrote an article to make it easier.  Go have a look:

  http://www.msquared.id.au/articles/cryptroot/

Basically, full step-by-step instructions for encrypting your entire hard
drive during a fresh install of Fedora 8.

On Mon, Dec 31, 2007 at 01:53:34PM -0500, Mail Lists wrote:

> Encrypted swap can be made to work using luks and /etc/crypttab - which
> does work fine. There is a warning at boot about the swap device not
> being  able  to  be  resumed -  which  while a true statement is
> irrelevant in a cold boot setting. But it encrypted swap does at least
> work  and  is  quite  straightforward  to  set  up.  (You  cannot  use
> sleep/hibernate/freeze resume however).

Check out my article above - because it encrypts the entire drive (and
decrypts it before resume is done during boot), you can even
hibernate/resume successfully with it.

> Encrypted  root  has  no  chance yet - at a minimum it requires the
> updated mkinitrd.

This is true, which is why I wrote my article - it includes patches for
the current version(s) of mkinitrd to address this problem.  It's not a
long-term solution, but it will get you going right now until encrypted
root is supported in a future Fedora release.

On Mon, Dec 31, 2007 at 01:11:38PM -0800, Mr.Scrooge wrote:

> I am curious about this as well but i'd say if someone has access to
> your harddrive then you are screwed anyway, at that point it simply
> becomes a matter of time before they find a way to crack your
> encryption. Probably better off focusing your attention on keeping
> people out.

Do both.  :-)  Layers upon layers of security....

I don't have information on my laptop that is worth industrial espionage
to obtain, so I figure the most likely occurrence with my laptop is simple
random opportunistic theft.  A random thief will probably be sufficiently
deterred by the encryption as not to bother.  He'll only want to make
money selling the hardware, anyway.  If he found some useful info (credit
card info, login info, etc), then maybe he'd be interested, but I don't
think he'd spend the time to break the encryption for it.

On Wed, Jan 02, 2008 at 01:49:32PM -0700, Robin Laing wrote:

> I am about to encrypt the swap and tmp on my laptop.

If you're game, try the instructions in my article - I can always do with
feedback.

On Thu, Jan 03, 2008 at 05:59:08PM +1030, Tim wrote:

> > Are that many people really that careless with their laptops?
> 
> You do have to wonder about that.
> 
> Having spent a whacking great amount of money buying mine, recently, if
> I were to take it somewhere I wouldn't be letting it out of my sight.
> Losing *it* would concern me more than anything that might be on it.

For me, I feel the other way around.  The hardware can be replaced
relatively easily, whereas if I suspected the data were likely to be
compromised, I'd have a lot of passwords to change, people to notify, etc
etc.

Regards, Msquared...