Full disk encryption

Message
Author
User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#31 Post by c4os »

I reduced the password by enable lightdm auto login. So I only need one password.
It's also secure, because it always need the password for encryption.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#32 Post by c4os »

c4os wrote: Sun Jun 24, 2018 9:15 am Ok, then I did it right. :happy:
Why copy all these folder and not "/bin/cp -a /live/aufs /mnt/antiX"?
Doesn't matter, main thing it works.

I got a couble of questions. How do you calculate the swap space, or do you create a swap file?
Can you send me the correct github link for the installer? I found mx-test-installer and mx-installer.
Can you recommend a good code reader/editor?

About the issues, changing the /lib/cryptsetup/cryptdisk.functions makes no sense, because it will be overwritten on updates.
I saw the installed version is 1.7.3. The actual version is 2.0.3.
https://gitlab.com/cryptsetup/cryptsetup
May we have to update to fix the "remaining" warning.
It looks like this is a problem at the most distributions.

It is possible to reduce the timeout with changing the line in /lib/cryptsetup/cryptdisk.functions:

Code: Select all

#		for i in 1 2 4 8 16 32; do
		for i in 0.001; do
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
Adrian
Developer
Posts: 8248
Joined: Wed Jul 12, 2006 1:42 am

Re: Full disk encryption

#33 Post by Adrian »

c4os wrote: Sat Aug 25, 2018 4:59 am I reduced the password by enable lightdm auto login. So I only need one password.
It's also secure, because it always need the password for encryption.
That might be a good option, I wonder if it reduces the security when the computer goes to sleep (does it still ask for password?) or if you log out.

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#34 Post by c4os »

Adrian wrote: Sat Aug 25, 2018 9:41 am
c4os wrote: Sat Aug 25, 2018 4:59 am I reduced the password by enable lightdm auto login. So I only need one password.
It's also secure, because it always need the password for encryption.
That might be a good option, I wonder if it reduces the security when the computer goes to sleep (does it still ask for password?) or if you log out.
You're right! Suspend doesn't ask for a password. Hibernate locks the display after resume. There's a option at energy settings/system.
But I saw the display content for one second until the screensaver locks. So far I don't suspend, but after I played around, I like it and will use this feature more.
So better to disable the autologin! ;-)
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#35 Post by c4os »

c4os wrote: Mon Aug 27, 2018 3:31 am
Adrian wrote: Sat Aug 25, 2018 9:41 am
c4os wrote: Sat Aug 25, 2018 4:59 am I reduced the password by enable lightdm auto login. So I only need one password.
It's also secure, because it always need the password for encryption.
That might be a good option, I wonder if it reduces the security when the computer goes to sleep (does it still ask for password?) or if you log out.
You're right! Suspend doesn't ask for a password. Hibernate locks the display after resume. There's a option at energy settings/system.
But I saw the display content for one second until the screensaver locks. So far I don't suspend, but after I played around, I like it and will use this feature more.
So better to disable the autologin! ;-)
There's no difference between login and autologin! After I disabled the autologin suspend doesn't ask for a password. Hibernate locks the display after resume.
I that normal? I haven't much experience about suspend and I'have installed my system manually with FDE.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

bigbenaugust
Posts: 56
Joined: Wed Dec 20, 2017 10:41 am

Re: Full disk encryption

#36 Post by bigbenaugust »

Our office had an edict come down that everything needed full-disk encryption, so I had to switch distros on a couple of my machines. Let me know if you need someone to test the installer when y'all add this, though. :)
--Ben

User avatar
info6
Posts: 1
Joined: Mon Oct 22, 2018 2:14 pm

Re: Full disk encryption

#37 Post by info6 »

No one who is using more than one OS on the same computer wants the whole disk to be encrypted, that makes no sense.

For that reason the expression "full disk encryption" should be changed into "system encryption" or something similar which makes clear that the whole system, including /root, /data, /swap, and /boot is encrypted.

darth.severus
Posts: 16
Joined: Wed Dec 16, 2015 10:21 am

Re: Full disk encryption

#38 Post by darth.severus »

Hi,
I'd like to encrypt my system. I'd like to have as much as possible in one btrfs-filesystem in different subvolumes, so I don't need to decide about the size of the partitions and I can easily make backups and having rollbacks of the system. I'm reading a lot through the Archwiki. However, I'm having some questions, since this stuff is really complex:

- For what do I even need LVM when I'm using btrfs inside of a LUKS device?

- Does MX Linux not support Grub2 Bootloader? Grub seems only to work with LUKS, but not LUKS2. Advantages of LUKS2 here (scrolling down a little).

- Maybe a strange idea: Can I somehow have a some container, move the data from my Windows-8 partition into a virtual partition inside and then also have a LUKS partition for my Linux inside, and also having the boot encrypted? So I could use the space I don't use for Windows for Linux (outside of LUKS) until Windows needs more space? This would be close to perfect.
Acer Extensa 2519 with 4GB RAM v: V1.24 | Intel Celeron N3060 2.4 GHz | Intel HD Graphics 400 (Braswell)

User avatar
Mauser
Posts: 1350
Joined: Mon Jun 27, 2016 7:32 pm

Re: Full disk encryption

#39 Post by Mauser »

darth.severus wrote: Sun Dec 09, 2018 10:18 pm Hi,
I'd like to encrypt my system. I'd like to have as much as possible in one btrfs-filesystem in different subvolumes, so I don't need to decide about the size of the partitions and I can easily make backups and having rollbacks of the system. I'm reading a lot through the Archwiki. However, I'm having some questions, since this stuff is really complex:

- For what do I even need LVM when I'm using btrfs inside of a LUKS device?

- Does MX Linux not support Grub2 Bootloader? Grub seems only to work with LUKS, but not LUKS2. Advantages of LUKS2 here (scrolling down a little).

- Maybe a strange idea: Can I somehow have a some container, move the data from my Windows-8 partition into a virtual partition inside and then also have a LUKS partition for my Linux inside, and also having the boot encrypted? So I could use the space I don't use for Windows for Linux (outside of LUKS) until Windows needs more space? This would be close to perfect.
MX-17.1 has only Home folder encryption option. Full disk encryption is going to be in MX-18 which is going to be released before the end of the year. As for Grub I highly recommend you don't try Grub2 on MX-17.1 unless you want to break MX Linux.
I am command line illiterate. :confused: I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list. :mad:

User avatar
Richard
Posts: 1577
Joined: Fri Dec 12, 2008 10:31 am

Re: Full disk encryption

#40 Post by Richard »

I didn't know there were more than 1 grub version 2's. :)

MX Linux has
. . . . .grub-pc_2.02~beta3-5+deb9u1 and
grub2-common_2.02~beta3-5+deb9u1,
but not
. . . . . . grub2_2.02~beta3-5+deb9u1
Last edited by Richard on Mon Dec 10, 2018 1:14 am, edited 3 times in total.
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.

Post Reply

Return to “General”