Free Hosting Online for WorkStations

< Previous | Contents | Next >

Setting Up Encrypted Partitions‌


The installation process for encrypted LVM is the same as a standard installation except for the partitioning step (Figure 4.20, “Guided Partitioning with Encrypted LVM” [page 87]) where you

will instead select “Guided - use entire disk and set up encrypted LVM.” The net result will be a system that cannot be booted or accessed until the encryption passphrase is provided. This will encrypt and protect the data on your disk.



Figure 4.20 Guided Partitioning with Encrypted LVM


The guided partitioning installer will automatically assign a physical partition for the storage of encrypted data, as shown in Figure 4.21, “Confirm Changes to the Partition Table” [page 88]. At this point, the installer will confirm the changes before they are written on the disk.



Figure 4.21 Confirm Changes to the Partition Table


This new partition is then initialized with random data, as shown in Figure 4.22, “Erasing Data on Encrypted Partition” [page 88]. This makes the areas that contain data indistinguishable from the unused areas, making it more difficult to detect, and subsequently attack, the encrypted data.



Figure 4.22 Erasing Data on Encrypted Partition

Next, the installer asks you to enter an encryption passphrase (Figure 4.23, “Enter Your Encryp- tion Passphrase” [page 89]). In order to view the contents of the encrypted partition, you will need to enter this passphrase every time you reboot the system. Note the warning in the installer: your encrypted system will only be as strong as this passphrase.



Figure 4.23 Enter Your Encryption Passphrase


The partitioning tool now has access to a new virtual partition whose contents are stored en- crypted in the underlying physical partition. Since LVM uses this new partition as a physical volume, it can protect several partitions (or LVM logical volumes) with the same encryption key, including the swap partition (see sidebar “Encrypted Swap Partition” [page 86]). Here, LVM is not used to make it easy to extend the storage size, but just for the convenience of the indirection allowing to split a single encrypted partition into multiple logical volumes.

Top OS Cloud Computing at OnWorks: