Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
im using Windows OS and i wish to switch to Linux with GUI, i dont have any distribution in mind (i know Ubuntu has huge community, so maybe xubuntu). Before i do the Win/Linux switch, i want to ask for a link to tutorial or advice regarding HDD encryption.
Im looking for quick & secure way to encrypt whole filesystem (including /boot) so i have peace of mind that nobody will read any data. I also want easy of use, im linux noob in command line so i prefer GUI tool. Can you please give an advice on solution?
I would suggest you to boot some distros (without installing them) from a live CD - just to be familiar with them.
About the security: the boot cannot be really secured, because the system should be started somehow to be able to encrypt/decrypt drives. But the normal boot contains no interesting information, just the usual files. Therefore the way is to have a small boot partition and a protected one (or more). http://www.howtogeek.com/howto/33255...ur-hard-drive/
im using Windows OS and i wish to switch to Linux with GUI, i dont have any distribution in mind (i know Ubuntu has huge community, so maybe xubuntu). Before i do the Win/Linux switch, i want to ask for a link to tutorial or advice regarding HDD encryption.
Im looking for quick & secure way to encrypt whole filesystem (including /boot) so i have peace of mind that nobody will read any data. I also want easy of use, im linux noob in command line so i prefer GUI tool. Can you please give an advice on solution?
LUKS is a pretty common way in Linux. You should be given that option when you install.
I would highly recommend openSuSE to someone new to Linux. Easy to use, lots of GUI tools, rock solid, mature, decent repos, and above all...no spyware.
I would suggest you to boot some distros (without installing them) from a live CD - just to be familiar with them.
About the security: the boot cannot be really secured, because the system should be started somehow to be able to encrypt/decrypt drives. But the normal boot contains no interesting information, just the usual files. Therefore the way is to have a small boot partition and a protected one (or more). http://www.howtogeek.com/howto/33255...ur-hard-drive/
IDK what happens when you encrypt the harddrive, but this is a common back door. Gives you instructions to patch that up, too.
that article is very usefull, im amateur, but it tells that one should not keep /boot just unencrypted and part of computer storage media. It should be on flash disk or whole disk encryption, thats why im aksing full disk encrypt if its doable bypassing hack mentioned in above example.
You want native full disk encryption of your hard drive? LUKS does that. It is a native technology in Linux, so it's fully integrated with the GUI; as you boot, it will graphically prompt you to enter a password to unlock the partition needing to be accessed. If you use LUKs on an external drive, most Linux desktops have a GUI interface to allow you to enter a password.
LUKs is simply what it is that you are asking for. I know off hand that both Mint and Fedora make it easy to utilize as you install; again, all graphical and point-and-click.
Also, for what it's worth, the command line is not actually as an advanced technology as you think. Well, it is, but it's not as difficult as you think. Don't be afraid of it :-)
so the cpu cannot execute encrypted instructions therefore some amount of disk must remain unencrypted to have the initial boot code,
which in this case is the entire boot partition which contains boot code along with dmcrypt, which are open source.
so the method of attack is via physical access modify the unencrypted boot partition to poison it with boot code that steals the encryption passphrase when entered by the user and write it to a plaintext hidden file somewhere on boot partition. User then uses their computer and enters passphrase, then you get physical access later on and read that plaintext file your poisoned boot code created.
given all that, is a similar attack feasible on computers using different encryption software and on Microsoft Windows that uses TPM?
my guess is no because T = trusted in TPM and you can't get that passphrase along with that software not being open source?
microsoft windows bitlocker whole drive encryption isn't susceptible to this kind of attack is it, where one section of data on the disk is unencrypted that with physical access you can modify?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
linux GUI full disk encryption including /boot
