[clug] Ubuntu encrypted file systems
David Tulloh
david at tulloh.id.au
Fri Aug 21 06:21:40 MDT 2009
Ian McLeod wrote:
> Hibernate is pretty important to work - this is a big reason to have a
> netbook in the first place. What if only /home is encrypted - that at
> least offers some protection against casual theft or loss - and if
> someone is that keen to scan var and swap then maybe just let them -
> they clearly have too much spare time. So it's a case of what's 'good
> enough' - although ideally I would prefer total security but not to
> the point where the system is unusable.
>
> Performance would be an issue although a netbook really is only for
> net use and basic work - and GPS in my case too.
>
> I am leaning toward wiping the install and using the Ubuntu 'alternate
> install' method to set up encryption from install.
>
> Anyone else done this on a netbook or laptop? Any advice? Is it
> possible to retain a working hibernate?

I run my laptop with a fully encrypted LVM setup.

I'm a Debian user, installation was as simple as selecting the encrypted
LVM option during the partition setup. This gave me an encrypted LVM
with all the partitions within this, I chose to have this include the
swap partition.

There were no encryption related problems. Hibernate worked fine, you
are prompted to enter the passphrase on boot then the system checks for
the frozen image. I didn't have to do anything special at any time due
to having an encryption based system.

My security desire was that all my information be protected in case the
laptop walked. Of particular concern was SSH pass phrases and passwords
as that could lead to damage on my other systems. If you have similar
concerns I think you have to go the full hog and encrypt everything
including /etc and swap. My laptop is very low powered and I felt that
performance was affected, any swapping will be slower and CPU usage will
be higher with IO access, if you have a fairly modern CPU you won't be
CPU bound and will probably never notice it. I was happy to trade off
the performance for security.

David
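
Added example, not part of the original message: one way to check that every mounted filesystem and swap area sits on top of a dm-crypt layer, as in the encrypted-LVM layout described above. It parses `lsblk --json -o NAME,TYPE,MOUNTPOINT` output; the sample tree, the device names and the `allowed` list of unencrypted boot mounts are constructed assumptions.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output for an
# encrypted-LVM layout, plus a stray plain swap partition (sda3) to flag.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "sda2_crypt", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}
      ]}
    ]},
    {"name": "sda3", "type": "part", "mountpoint": "[SWAP]"}
  ]}
]}
"""


def mounts_of(node):
    """Return the node's mount points; newer lsblk emits a 'mountpoints' list."""
    points = node.get("mountpoints") or [node.get("mountpoint")]
    return [p for p in points if p]


def unencrypted_mounts(tree, allowed=("/boot", "/boot/efi")):
    """List (device, mountpoint) pairs in use with no dm-crypt layer beneath them."""
    findings = []

    def walk(node, under_crypt):
        # Once a 'crypt' device is seen, everything stacked on it is covered.
        under_crypt = under_crypt or node.get("type") == "crypt"
        for point in mounts_of(node):
            if not under_crypt and point not in allowed:
                findings.append((node["name"], point))
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in tree["blockdevices"]:
        walk(device, False)
    return findings


if __name__ == "__main__":
    for name, point in unencrypted_mounts(json.loads(SAMPLE)):
        print(f"{name} mounted at {point} is not on an encrypted device")
```

On a live system, feed it the real `lsblk` JSON instead of the sample; an empty result means swap (and so the hibernate image) and all data filesystems are behind the passphrase.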