Debian :: Full Disk Encryption For Linux As Compared To OS X
Mar 20, 2016
With all the talk about disk encryption for Apple devices, I wanted to ask about how full disk encryption compares between debian linux and mac OS X. Is the code for debian linux fully available for people to inspect for flaws or backdoors? Apparently although part of the encryption code is available for OS X the full code for Filevault 2 is not public. What are the advantages and disadvantages of each method of encryption for each operating system?
View 8 Replies
ADVERTISEMENT
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Jul 14, 2011
The only reason why I don't use Linux (even though I prefer Linux over Windows, and can do everything faster and more efficiently) is because each time I try to learn about dm-crypt I give up.
Can someone point me in the right direction for full OTFE on Linux (like TrueCrypt)?
View 1 Replies
View Related
Nov 14, 2010
I do know about cold boot attacks. But I ran across a couple of posts/websites that had me wonder if it is possible, without the passphrase, to just remove the encryption?
View 4 Replies
View Related
Oct 20, 2010
For some reason I can't find any documentation re: the algorithm(s) used by Ubuntu to encrypt the filesystem... Anyone know what it is?? AES?
View 2 Replies
View Related
Jan 10, 2011
I have a bunch of pictures that I thought I had backed up but as it turns out I didn't, the problem is I formatted the drive they were on.
It is a 1TB hard drive, and it was running Ubuntu 10.10 using full disk encryption from the alternate install CD. After formatting, I installed Ubuntu Server 10.10, also using full disk encryption.
I know the encryption key for both installs (and the keys in fact are the same).
I have turned off the machine, and have stopped writing to the disk. I am hoping because it is a 1TB drive, and I have only written over it with 2GB of data, that there is a chance I can recover the data.
View 2 Replies
View Related
Jan 29, 2011
I managed to get a cheap refurbed netbook recently (Samsung N150) and I'm wanting to put Ubuntu on it. As it's also likely to be used when travelling and have things like chat logs, photos, and other such things I'd like to do full disk encryption. Also I've been pointed towards 10.4 as apparently the 10.10 netbook desktop isn't to everyone's taste.
So I tried using unetbootin to make a bootable 10.4.1 i386 Alternate usb stick, which hit the problem of no cd drive. I found an item to add to the boot (cdrom-detect/try-usb=true) which got it a little further, but at a copying stage it threw an error saying it couldn't copy off the disc.
Finally I tried making a unetbootin of the mini iso (does mini even support full disk encryption?) but that seems to hang after selecting a mirror.
EDIT: Well it seems I was just impatient on the mini ISO and after a few minutes it's gone onto time-zone, though of course this could get rather tiresome without a local mirror, especially given this may go through more than one iteration.
View 1 Replies
View Related
Apr 13, 2011
Is there a way to install ubuntu 10.04 or 10.10 with full disk encryption? I read how to do it in the 8.0 version, was wondering if it is still possible?
View 4 Replies
View Related
Jan 13, 2010
this isn't really a security question, per se, so feel free to move. It is related to full disk LVM encryption though. Full disk didn't work for me with grub2 after running dd to a remote server, so I downgraded to grub1. No biggie. However, I have neither grub or grub2 as selected in Synaptic.Let's say I forget which I have installed. How would I determine what version of grub is installed at the moment. I'm assuming it's somehow installed on in the mbr but not on the OS. I didn't mean to do anything funky. Is that the normal setup? I'm deploying these systems to users and want to be able to troubleshoot issues in the future (hopefully that will not be needed!) grub --version does not work because it is not installed.
View 2 Replies
View Related
Feb 12, 2010
I am investigating full disk encryption and have made a DD copy of the hard drive which has been encrypted, this DD file is stored on my computer for analysis.
First question is - Anyone know how i can access data in this DD file even though its been encrypted?
Second question - Is there a DD command where i can image the systems memory? I ask this because when a system is turned on, to get past the pre-boot authentication stage you need a password. From what i understand, this password will be passed in to ram when power is applied to the system. Making a copy of the memory will also copy the password?
View 5 Replies
View Related
Feb 13, 2010
I've been wanting to do this for a while and after upgrading some of my pc components I decided I would finally try to dual boot with full disk encryption on both windows 7 and Ubuntu 9.10. I managed to encrypt the windows drive with truecrypt and that worked. I installed Ubuntu 9.10 using the alternate cd and everything but /boot is in an encrypted LVM. Each OS is on a separate SATA drive the windows is on sda1 and ubuntu /boot is sdb1.
To setup the dual boot I started out following the tutorial [url] but its for XP and versions of ubuntu that use grub not grub 2. I ran dd as posted and saved the files it produced from truecrypt. I then ran into some problems with grub reinstallation so I simply reinstalled Ubuntu 9.10 from scratch again. This put grub 2 on the computer. I've managed to get it to add a Windows 7 option.
However, when the option is selected truecrypt comes up and says that the bootloader is corrupted and that I need to use the repair CD I burned before I encrypted the drive. My question is does anyone have any experience dual booting using Truecrypt on Windows 7 and LUKS/dm-crypt on Ubuntu 9.10 with grub 2? And how would I get the boot menu to work? I'd rather not reinstall but if I have to I have images from right before I encrypted so it wouldn't be the end of the world.
View 4 Replies
View Related
Mar 28, 2011
To structure the layout of my partitions. I'm installing Windows 7, Backtrack 4 R2 and Ubuntu 10.10 Desktop on my laptop. I've got a 500 GB HDD named sda.
I've already installed Windows 7. It's my opinion that it's easiest to begin with Windows.
The partitions look like this right now:
The Windows installation is unencrypted and I want it to stay that way. It's only there in case my laptop gets stolen, I've installed various nasty things there.
The Backtrack 4 installation will also be given 100 GB space, I want it to be encrypted. The Ubuntu installation should get the rest of all the remaining space and preferably be encrypted but it's not 100% necessary.
How I should partition this? There's a limit on 4 primary partitions? How do I circumvent this? There should be one dedicated GRUB partition which will point to each of the installations own boot loaders?
View 8 Replies
View Related
Jul 31, 2010
This question is somewhat open ended, so I'll describe the specific issue, what I want to accomplish in general, and what I tried to do. It'd be a little long, but hopefully not too daunting.For quite a while my approach to multi-OS boots has been to install each OS to a separate disk. When I want to boot a specific OS I change the boot drive in the BIOS. I find this convenient for several reasons, but mostly because I don't get boot manager conflicts. If I remove a disk or change the OS on it, this doesn't affect the booting of other OS's.
Note that when I say multi-OS, this meant until now multiple versions of Windows. I've occasionally tried some linux distros on VirtualBox, but now I want to do a full install, and see if I can use it as a main OS. (What prompted this was the recent release of Wine 1.2 and the fact that my new job doesn't involve any Direct3D or DDI work. I've always been partial to the open source movement, but I'm also fine with Windows and never before felt I could make the move without losing key abilities). My plan was (still is, if I can get it to work) to use Linux for everyday e-mail, web browsing and such, play Windows games over Wine, and install Windows 7 in VirtualBox for Windows development.I currently have two disks, one with my main Vista x64 installation, and the other with a Vista x86 installation which I used for my previous job and I no longer need. This is the disk I want to use for the Linux installation. It has a lot of partitions but quite a bit of free space (since I copied a 80GB disk and 250GB disk into a 500GB disk and haven't taken advantage of the extra space).My first choice of distro was Linux Mint, since it's known to be friendly to new users, and I like the software installer on it. I installed Linux Mint in the past in VirtualBox, and the latest version also installed fine, and I found installation instructions explaining how to provide my own partitions, but the installation failed during the "configuring hardware" stage. If you're interested, more details are available in this thread on the Linux Mint forums. I didn't get any reply to that thread.
I thought then that I'd try openSUSE 11.3. The live CD looked usable enough, but when I tried to install I couldn't tell how to make sure that I don't get a boot manager which will try to give me access to the Windows versions on the disks. I don't want this, and what I'm really afraid of is that an install will screw the booting of Vista x64 on the other disk (which, granted, I can disconnect for the install, but I'd rather not). At that point I decided to post a question here.So hopefully you understand what I want to achieve. I don't much care which Linux distro I install, but I'd rather have one which gives me as much usability out of the box (or easily installable) as possible.
View 5 Replies
View Related
Dec 23, 2010
I wonder if this is possible to extend or regrow the Linux hard disk partition from 8 GB to 20 GB without losing the existing data on the partition ?at the moment this Ubuntu Linux is deployed on top of VMware and I've just regrow the hard drive from 8 GB into 20 GB but can't see the effect immediately.can anyone suggest how to do this without losing the data ?
View 9 Replies
View Related
Sep 3, 2015
I've a Lenovo G50-80T with W8.1. I want to install Debian 8.1 in dualbooting mode. I've done this other times without problems. But this time I want encrypt the Linux partition (not the Windows partition). I'll use dm-crypt to do that. I want to know if this way is secure for protect the data on Linux partition or if I need encrypt the entire drive.
View 3 Replies
View Related
Jun 28, 2010
I've bought a 500GB Seagate hdd.the Current hdd carrying Debian has started showing troubles(and will have to RMA it).Can I Copy Debian to a New Ext4 Partition on the New hardddisk?What is the recommended way to mirror copy(everything)?I've last rescued this way some 4 years back using "dd".
View 10 Replies
View Related
Dec 9, 2010
I have a single PC that has two hard disks in it. One is 250GB running Debian linux; the other 1TB running windows. I was switching between the two by going to the BIOS and changing the order of the hard disks to boot from. Both lived happily together in peaceful co-existance. Until....
Lately, I haven't been using Linux, so I decided to convert the 250GB to windows. So I put in the windows install CD, and it all started working fine, but when it came down to setting up a partition, Windows only recognized 130GB (out of the 250GB). I got confused so I decided to re-install linux. Linux recognizes the full 250GB; it recognized that there is a second hard disk running a different OS so the grub gave the option to boot from windows. So after a couple of reboots from both drives I decided to go ahead and install windows on the 250GB. Well again, windows only recognized 130GB, but this time, windows showed me another hard disk again with 130GB capacity. Apparently I stupid enough to proceed so now both hard disks - the 250GB and the 1TB - have capacity of 130GB each. And this is where I'm stuck.
I have tried fdisk, I have tried debug, but for some reason, windows can only recognize 130GB out of the entire disks; linux on the other hand recognizes the full capacity. I also used the seagate disk diagnostic tool (seatools for MS DOS) and it found no errors on either hard disk.
How can I reclaim the full capacity under windows?
View 4 Replies
View Related
Jul 13, 2009
Is there a simple latex-compliant text editor (gedit or something else easy to learn) for linux that supports reading and writing MS Windows files? It the editor doesn't support it, I may choose to wrap the files in "unix2dos" or something.
My girlfriend is about to start a new project at her MS Windows oriented university, and I'd love to set her up with latex (both there and at home) and linux at home. I'm aiming at having her SSH'ing into the university's systems, and use a simple text editor to edit her latex files that must be MS Windows compliant.
Furthermore, it's important that the files are encrypted. Is it possible to encrypt a folder on MS Windows at school, and decrypt it at home using linux?
View 7 Replies
View Related
Sep 23, 2015
So, my issues since upgrading to Jessie seem to compound. When I fix one issue, two more arise. Right now, I have a full system disk. How it got so full. So I started poking around. I ran
Code: Select all find / -type f -size +50M -exec ls -lh {} ; | awk '{ print $NF ": " $5 }'
Found a few files I could delete, and did, but I also found Code: Select all/var/log/syslog.1: 33G
/var/log/messages: 33G
/var/log/user.log: 33G
What I find strange is that they're all exactly 33G each. So that accounts for the missing 99GB I deleted them, however only recovered 27Gb. Whats weird is when I type df -h I get
Code: Select allFilesystem Size Used Avail Use% Mounted on
/dev/dm-0 106G 74G 27G 74% /
udev 10M 0 10M 0% /dev
tmpfs 3.2G 9.7M 3.2G 1% /run
tmpfs 7.9G 0 7.9G 0% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 7.9G 0 7.9G 0% /sys/fs/cgroup
/dev/sda1 228M 27M 189M 13% /boot
/dev/sdb1 1.9T 62G 1.8T 4% /media/ntfs
tmpfs 1.6G 0 1.6G 0% /run/user/0
What are the tmpfs's and how can I reclaim that space, and what is /dev/dm-0 and why is that taking up so much space?
I have 2 LVGs vgdisplay -v
Code: Select allroot@SETV-007-WOWZA:~# vgdisplay -v
DEGRADED MODE. Incomplete RAID LVs will be processed.
Finding all volume groups
Finding volume group "WOWZASERVER"
[Code] ....
After deleting the log files, I was able to regain access to my GDM session. But I still cant find out what /dev/dm-0 is, and where all the 75 GB is being taken up.
I just noticed, however, even though I can access the drive A-OK via browser, terminal, and web services (Our wowza) when I enter gParted I get this error for sda, my primary OS drive!
Code: Select all Libparted Bug Found!
Error informing the kernel about modifications to partition /dev/sda2 -- Invalid argument. This means Linux won't know about any changes you made to /dev/sda2 until you reboot -- so you shouldn't mount it or use it in any way before rebooting
Now that I'm in gParted I see 3 partitions: [URL] ....
It reports now, that I have used ALL of my disk space.
Post Log delete, and fresh reboot, this is what Code: Select alldf -h outputs
Code:
Select all Filesystem Size Used Avail Use% Mounted on
/dev/dm-0 106G 8.7G 92G 9% /
udev 10M 0 10M 0% /dev
tmpfs 3.2G 9.8M 3.2G 1% /run
tmpfs 7.9G 80K 7.9G 1% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
[Code] ....
What the heck is going on?
View 0 Replies
View Related
Aug 25, 2010
Is it possible to encrypt the entire drive and not be prompted for the passphrase?
I have a request for a demo of our application and I am looking to create a virtual for VMware's player but need to make sure that the vmdk file cannot be mounted and files pulled from it to protect us from reverse engineering of the application.
View 9 Replies
View Related
Feb 3, 2010
I've been using full disk encryption with luks on two Dell laptops for about 2.5 years. One is 64 bit Fedora (upgraded to 12), another is 32 bit Ubuntu (upgraded to 9.10), both were ext3, until recently.Over time, performance degraded substantially, especially on Fedora, which was put to a heavier use. That laptop has 4 Gb RAM, two 2.5 GHz T9300 CPUs, and 56 Gb of free space.
It was especially unbearable after a reboot. Programs like firefox and thunderbird would take close to a minute to start when ran for the first time after a boot. The login process was painfully slow, and some Gnome applets (e.g. Tomboy notes, keyboard layout switcher) would fail to load on the first login, with an error. I experienced this problem on both laptops with full encryption. I had to log out and relogin to make the applets appear. I tried various boot and mount options and was thinking about switching to ecryptfs (encrypted home).
I also use 3 desktops with no encryption and a netbook with ecryptfs on /home, which all work fine. All are Dell, 2 Ubuntu and 2 Fedora. The Gnome applets problem seems to be due to slowness of the installs with the full disk encryption. The last thing I tried is to migrate ext3 to ext4. I also converted /home, /usr, /opt to extents, following[URL].. That seemed to do the trick. Gnome applets now load fine on both laptops, and startup time is back to tolerable.
Is this a typical experience: ext3 performance degradation with time and a much better performance with full disk encryption once ext3 is migrated to ext4?
View 1 Replies
View Related
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
Jan 2, 2010
I'm running mythbuntu 9.04 and am having an issue with disk space.
I try 'rm' various log files but the space I free up lasts less than a minute before the disk reports as being full once more.
df -Th | sort gives:
Quote:
/dev/sda1 ext3 8.3G 7.9G 0 100% /
/dev/sda6 ext3 138G 125G 6.3G 96% /music
/dev/sda7 xfs 783G 617G 167G 79% /videos
/dev/sdb2 xfs 344G 242G 103G 71% /recordings
[Code]....
There's nothing enormous in /var/log and my trash and the root trash are empty.
why size and used fields are not the same despite 100% usage being reported on sda1..
View 7 Replies
View Related
Jan 29, 2010
how much of a performance impact full disk encryption (say, AES 256-bit) has on disk-related activities? On one particular project I'm involved in I am trying to weigh out security vs performance issues.
View 1 Replies
View Related
Oct 21, 2010
Which is the best whole hard disk encryption software for RHEL 4.6. Tried Truecrypt but was not success in making it work. First had issue with fuse version, then with glibc and etc.
View 5 Replies
View Related
Aug 2, 2009
i want to deactivate disk encryption. How can i do that?
View 1 Replies
View Related
Jan 25, 2011
Bitlocker is a harddrive encryption data protection tool which comes with Windows Vista Ultimate and 7. Does anyone know an equivalent for Linux distros like Fedora and Ubuntu?
View 3 Replies
View Related
Jan 10, 2011
1. Fedora 14 has a user friendly disk encryption setup.However, there doesn't seem to be an option to change the encryption parameters during setup. Since I can handle the overhead, I would like to change the encryption algorithm and the key length for the default install.
2. I have created an additional encrypted drive (the entire HD) which claims to have its own encryption functionality (Seagate Constellation 1TB). Does Fedora use the built-in encryption mechanism by default? Is there any way to tell?
3. I can't seem to find any utility to tell me what the actual key size is for different HD's I have encrypted. "cryptsetup --help" seems to print out only the information for the default encrypted O/S which is the default 256 bit.
My problem is whether the -s option work when set to a 2,048 bit key length? Or, does it fall back to a 256 bit key length if it fails to do so? Or, does it automatically use the built-in encryption of the hardware? If the -s option doesn't work with a 2,048 bit key setting, can the kernel be recompiled to do so?
View 8 Replies
View Related
Apr 10, 2011
Quote: The importance of security should never be underestimated. The consequences of losing data can be disastrous for any organisation. For example, the loss of a single unencrypted laptop may have huge repercussions. This could include breaching data protection legislation with the risk of a significant fine, a loss in the confidence of an organisation, as well as the risk that sensitive data may fall into the hands of a competitor or third party with malicious intent.
View 1 Replies
View Related
Feb 24, 2009
I was trying to install Fedora 9 on my new laptop that came with Win XP. I have selected the option to wipe out all partition and create a default layout with the Encryption option selected. But that installation got stopped on the middle, therefore I have started the installation again. This time it asked for the encryption password as expected but don't know why, its not accepting my password. I am 100% sure that the password is correct but it is not allowing me to enter into the hard disk partition section.
My question is, how do I remove encryption from my hard disk? I don't need to preserve the data, I just need to use my hard disk again. Is there any boot CD that allow us to format encrypted disks without prompting for a password?
View 3 Replies
View Related
