2

I'm a proud Suser. I'm about to reinstall 12.2 on my ASUS N76VZ (UEFI x64 laptop).

Since I'm very sensitive about laptop security against theft or unwanted inspection, I chose to use BitLocker with USB dongle in Windows 7.

When installing Suse the last time I found that only the home partition (separated from root) was capable of being encrypted.

Does Suse offer a full disk encryption solution like BitLocker that I haven't discovered yet? Or is encrypting home partition the only way to protect data?

Encrypting only home is feasible as one stores personal data in home, but I still would like to encrypt the whole thing!

Also, using a hardware token (no TPM available) for unlocking is preferred to password, if possible!

Mechanical snail
  • 7,583
  • 5
  • 45
  • 66
usr-local-ΕΨΗΕΛΩΝ
  • 4,592
  • 16
  • 67
  • 103
  • Pre-boot auth available only in Windows – usr-local-ΕΨΗΕΛΩΝ Nov 15 '12 at 16:47
  • Ah! sorry I misunderstood the question. – avirk Nov 15 '12 at 16:57
  • You may want to cast a wider net than asking for full disk encrypton for SuSE. Different Linux distros relate to eachother in different ways. SuSE is on a branch of Linuxes, closely related distros may offer a solution. My own dabbles in full disk encryption sucked.. I just encrypt my home dir. – James T Snell Nov 15 '12 at 23:17

1 Answers1

1

The LVM option in YaST partitioner setup fullfills all my requirements, though it's password based and not token-based.

The YaST partitioner allows you to choose the option to propose a partitioning based on encrypted LVM. This takes full disk and automatically assigns volume names.

It creates an unencrypted boot drive (/boot), a LVM partition which is encrypted, and within that partition one or more volumes assigned to partitions.

Answering from an encrypted linux...

usr-local-ΕΨΗΕΛΩΝ
  • 4,592
  • 16
  • 67
  • 103
  • Unfortunatelly it is no longer supported. Root partition cannot be encrypted (with Yast), no matter if it is put directly or within LVM. – greenoldman Nov 09 '14 at 16:40
  • Do you mean it requires installing 12.3 and upgrading to 13.1 to keep encryption? This is my laptop's current setup – usr-local-ΕΨΗΕΛΩΝ Nov 10 '14 at 08:20
  • Errm, the current OS is 13.2 and I mean it is impossible to have LVM with encrypted root partition, and if you have such setup with older OS (I had) and you upgrade to 13.2, you will be unable to boot (unless you made some custom magic to make this work). – greenoldman Nov 10 '14 at 10:51
  • Oooooooooops I forgot to check the latest version – usr-local-ΕΨΗΕΛΩΝ Nov 11 '14 at 10:04
  • With OpenSUSE 13.2 you can still make an LVM with encrypted root partition, it just takes some manual work in the installer: create unencrypted /boot, create partition type LVM, create volume group, create logical devices inside it (e.g. /, /home, swap). – David Faure Aug 31 '15 at 13:12
  • What I did in Leap 42.2 was to encrypt everything (even boot), so I get a password prompt even before GRUB2's menu is displayed (and another when initrd opens the encrypted volume). Of course that part of GRUB2 cannot be encrypted. Maybe one could put GRUB2 on a stick to carry with you, so that everything on disk is encryped, but I don't think that'll be an easy setup. – U. Windl Nov 17 '18 at 20:45