Can an option for full disk encryption be added to the install?

[The_Dadu]

The more I read about data and hardware theft, the most common long-term solution appears to be full hard disk encryption. I have even heard consideration from some jurisdictions around the world to simply mandating encryption.  My current employer encrypts all issued laptops (I don't rate one full-time).
We have TrueCrypt in the repositories and I'm sure someone more expert than I could implement it. But, as an idea, would it be possible to add the option of a full partition encryption to our installer?  If someone is like me, who only has PCLOS on their machine, this should make the machine fairly well protected. It would put us ahead of the curve with regard to security, should encryption be mandated somewhere.  I would think that would be preferable to trying to scramble to add it later.
Just an idea I thought worthy of consideration.
Alan

[lhb1142]

The more I read about data and hardware theft, the most common long-term solution appears to be full hard disk encryption. I have even heard consideration from some jurisdictions around the world to simply mandating encryption.  My current employer encrypts all issued laptops (I don't rate one full-time).
We have TrueCrypt in the repositories and I'm sure someone more expert than I could implement it. But, as an idea, would it be possible to add the option of a full partition encryption to our installer?  If someone is like me, who only has PCLOS on their machine, this should make the machine fairly well protected. It would put us ahead of the curve with regard to security, should encryption be mandated somewhere.  I would think that would be preferable to trying to scramble to add it later.
Just an idea I thought worthy of consideration.
Alan

Dear Alan,

On another of my computers I use U----uStudio. I recently effected a 'clean' installation of version 12<dot>10 and I was offered the option to encrypt the installation plus the option of encrypting the free space.

I used both options.

This is perfect for my needs. This computer goes with us on trips and now, without that encryption passphrase (password), no one can get to the login page even of they were to have my login name and password. Thus the computer is totally useless to anyone who would steal it and my data is safe.

Once logged in, the encryption is completely transparent; it does not affect the usage of the system in any way.

I also have a password for the BIOS but that can easily be removed or bypassed. However the entire disk encryption I now have on this computer cannot be circumvented.

I too would like to see this option made available for PCLOS.

Thank you for suggesting it.

Lawrence

[Just17]

Have you read through this thread?

http://www.pclinuxos.com/forum/index.php/topic,93730.0.html

[Bald Brick]

Perhaps you should have a look at muungwana's zuluCrypt. It's in the repository and it makes encrypting partitions, directories and single files quite easy.

[TheGhost]

+1 for Zulucrypt.

I wanted to do some tests with encryption, and was amazed at how easy Zulucrypt made the job.
What's more, using Zulucrypt, you can create encrypted partitions that can be also accessed from Windows, in the event that is needed.

Also, there is an option to encrypt the partitions when creating them to install PCLOS.  I never tested it in full because it seem to effectively lock even the booting unless the password was provided. My goal at this point was not that, just to encrypt a partition to be shared with Windows. But the option is there and it seems to be what you are looking for.

[lhb1142]

Have you read through this thread?

http://www.pclinuxos.com/forum/index.php/topic,93730.0.html

Dear Just17,

I hadn't before, but I have now. Unfortunately all of it is w..a..y beyond me.

Regarding the various "'buntus," when installing any of the 12<dot>10s from their Live CD (or DVD), one has the option of merely checking one or two boxes if one wants to encrypt the installation and/or the free space. If encryption is selected, the next page asks for a passphrase (password) to be entered.

That's it!

Then the rest of the installation proceeds normally.

When booting up an encrypted installation, after the BIOS password (if any) has been entered, the boot splash screen is displayed with a box to enter the encryption passphrase (password). If it is entered correctly, only then will the computer proceed to the login page and only then can the user log in.

Enabling encryption in the installation (and using it) is as simple as it can be and this is what I'd like to see in PCLOS and this is what I think the originator of this thread wants too.

Something simple ...

Lawrence

[TheGhost]

Have you read through this thread?

http://www.pclinuxos.com/forum/index.php/topic,93730.0.html

Dear Just17,

I hadn't before, but I have now. Unfortunately all of it is w..a..y beyond me.

Regarding the various "'buntus," when installing any of the 12<dot>10s from their Live CD (or DVD), one has the option of merely checking one or two boxes if one wants to encrypt the installation and/or the free space. If encryption is selected, the next page asks for a passphrase (password) to be entered.

That's it!

Then the rest of the installation proceeds normally.

When booting up an encrypted installation, after the BIOS password (if any) has been entered, the boot splash screen is displayed with a box to enter the encryption passphrase (password). If it is entered correctly, only then will the computer proceed to the login page and only then can the user log in.

Enabling encryption in the installation (and using it) is as simple as it can be and this is what I'd like to see in PCLOS and this is what I think the originator of this thread wants too.

Something simple ...

Lawrence

That feature is already there.

When you create the partitions, there is a box to tick if you want to encrypt it. As simple as that.

And if you use that option, it does ask for a password, and when you boot the computer, it requires the password to boot even if the encrypted partition is other than "/".

Screenshot:



That tick box does exactly what the OP and lhb1142 are looking for.

Hope this is of help.

[muungwana]

thanks for the shout out to zuluCrypt.

Next version will be out soon and will come with an additional tool,zuluMount.

zuluMount can be used as a replacement for device notifier.It does what device notifier does and more.

The more part involve the following:
1.You get to choose the mount point and hence it can be anywhere you have write access to.
2.It can open and close luks based as well as plain based encrypted volumes in partitions.DN only works with luks volumes.
3.It contains more information about partitions and hence can also be used as a replacement for kdiskfree
4.It can mount and unmount normal partitions as well as encrypted ones.

zuluCrypt will have these additional features.
1. keys can now be saved and retrieved from kde kwallet and retrieved from gnome keyring.
2. keys can now be made out of a combination of a keyfile and a passphrase.
3. It is now possible to use a gpg encrypted keyfile.

while i am here,bit thanks to Bald Brick for his assistance in testing on 64 bit system and bug reports and feature recommendations.

zuluMount look like below link:

https://plus.google.com/photos/109794855728648275729/albums/5798346004239773809/5798346057368854914

[lhb1142]

Have you read through this thread?

http://www.pclinuxos.com/forum/index.php/topic,93730.0.html

Dear Just17,

I hadn't before, but I have now. Unfortunately all of it is w..a..y beyond me.

Regarding the various "'buntus," when installing any of the 12<dot>10s from their Live CD (or DVD), one has the option of merely checking one or two boxes if one wants to encrypt the installation and/or the free space. If encryption is selected, the next page asks for a passphrase (password) to be entered.

That's it!

Then the rest of the installation proceeds normally.

When booting up an encrypted installation, after the BIOS password (if any) has been entered, the boot splash screen is displayed with a box to enter the encryption passphrase (password). If it is entered correctly, only then will the computer proceed to the login page and only then can the user log in.

Enabling encryption in the installation (and using it) is as simple as it can be and this is what I'd like to see in PCLOS and this is what I think the originator of this thread wants too.

Something simple ...

Lawrence

That feature is already there.

When you create the partitions, there is a box to tick if you want to encrypt it. As simple as that.

And if you use that option, it does ask for a password, and when you boot the computer, it requires the password to boot even if the encrypted partition is other than "/".

Screenshot:



That tick box does exactly what the OP and lhb1142 are looking for.

Hope this is of help.

Dear TheGhost,

I tried what you described and it worked perfectly. While it would be nice if the encryption option were available in the 'default' (standard) installation merely by checking a box or two, the method you showed me is certainly very easy to implement.

I have PCLOS installed onto two computers now, one with and the other without full disk encryption. I am going to effect a complete re-installation of PCLOS on the one without encryption, adding the disk encryption. I am planning to add a full-encrypted PCLOS to a third computer (which is currently running another GNU/Linux OS) as well.

This offers another layer of protection for my data - and a very welcome layer. It makes a computer completely useless to a thief (or even to a nosy acquaintance).

Thank you very much for your information. I hope others find it to be useful also.

Lawrence