Is full disk encryption possible?
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
Dear Trisquel Users,
I'm happy to try again this distribution. However I think that a full disk encryption is a must-have.
Last time I tried it I could not achieve this. I'm not talking about home folder encryption!
How is this option now? Is it attainable in the GUI instalation or by any other means?
Thanks in advance!
Yes it is possible, but full disk encryption must be set up during installation of the OS. When I did it, I ran the netinstall in order to set it up since it provided me with the most options. I can provide more specifics if you'd like, but I found the libreboot guide to be fairly helpful: http://libreboot.org/docs/gnulinux/encrypted_trisquel.html
One thing to do differently from this guide is that you will not encrypt /boot. The reason why is that GRUB doesn’t have a key to unlock it.
I will definitely try in a few weeks! I will try with the /boot partition encrypted as well. The guide seems pretty clear
:)
thanks again!
You are very welcome! Learning how to encrypt my disks was a big project a few months ago, glad to hear it will be able to help someone else as well.
Just a heads up, you're still probably vulnerable.
https://en.wikipedia.org/wiki/DMA_attack
https://en.wikipedia.org/wiki/Cold_boot_attack
I've heard of those already.
I think you've got to start somewhere. In the end if they want you they get you. Just send a team of SEALS overseas (not the first time) and that's it. Problem solved.
Of course the more you can protect the better but one step at a time! The community should be aware of encouraging new users gradually. If you tell them that for them to be protected you've gotta follow a 99+ advanced instructions most users are going go give up immediately. I'm not saying that you said that but I think it's a valid reminder.
Thanks for the tip anyway :)
Yeah, I agree with you.
It's just that many people think they're invulnerable and a false sense of security is very bad.
- Vous devez vous identifier ou créer un compte pour écrire des commentaires