[SOLVED] Encryption on LM installation

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
afora
Level 1
Level 1
Posts: 45
Joined: Mon Aug 26, 2019 7:35 pm

[SOLVED] Encryption on LM installation

Post by afora » Mon Sep 02, 2019 8:20 pm

I selected "To do something else at the installation step where the installer asks what you want to erase. This is because I'm using two partitions on the HDD.

Because of that there's no longer an option of Encrypt the new LM installation for security. What are the implications for the system and user file security if I chose "Encrypt home directory" at one of the later steps in the installation process? Can I still encrypt the LM installation somehow?
Last edited by afora on Sat Sep 07, 2019 3:47 am, edited 1 time in total.

fabien85
Level 7
Level 7
Posts: 1544
Joined: Tue Mar 11, 2014 4:30 pm

Re: Encryption on LM installation

Post by fabien85 » Thu Sep 05, 2019 3:48 am

Yes you cannot use "full disk encryption" with the "something else" method.
Home encryption will protect all your personal files and it's pretty good already. The drawbacks I know are:
- a small performance cost compared to full disk encryption
- the logs and system files could be accessed and tampered with by someone with physical access to the machine.
That said, when you are at this level, it's also possible in principle with full isk encryption: the attacker would instead tamper with the bootloader (grub) to replace it with a malicious one.
So unless you are in high parano mode, imho home encryption is good enough.
- there is currently a bug where the home directory does not get locked when you log out (as opposed to shut down). So if another user logs in, it can read the home directory unencrypted (the files are still protected by the UNIX permission system though).
That said, it would be exactly the same with full disk encryption: you are protected only when the machine is shut down, or before the password has been entered.

afora
Level 1
Level 1
Posts: 45
Joined: Mon Aug 26, 2019 7:35 pm

Re: Encryption on LM installation

Post by afora » Sat Sep 07, 2019 3:47 am

Fantastic thank you.

gm10
Level 18
Level 18
Posts: 8753
Joined: Thu Jun 21, 2018 5:11 pm

Re: Encryption on LM installation

Post by gm10 » Sat Sep 07, 2019 3:50 am

fabien85 wrote:
Thu Sep 05, 2019 3:48 am
Yes you cannot use "full disk encryption" with the "something else" method.
Sure you can, see my simple guide here: [GUIDE] How to encrypt your new installation when dual booting

I do recommend using full disk encryption over home folder encryption. In particular the performance hit from home folder encryption can be quite severe in some scenarios.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

afora
Level 1
Level 1
Posts: 45
Joined: Mon Aug 26, 2019 7:35 pm

Re: [SOLVED] Encryption on LM installation

Post by afora » Sat Sep 07, 2019 4:19 am

Cool!

With full disk encryption, if I move /home to a secondary partition (say on the same disk) will it decrypt the content of /home. And if it does, are there any quick fixes for re-encrypting it?

Tu!

gm10
Level 18
Level 18
Posts: 8753
Joined: Thu Jun 21, 2018 5:11 pm

Re: [SOLVED] Encryption on LM installation

Post by gm10 » Sat Sep 07, 2019 4:27 am

Either encrypt the other partition, too, or use home folder encryption after all.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

fabien85
Level 7
Level 7
Posts: 1544
Joined: Tue Mar 11, 2014 4:30 pm

Re: Encryption on LM installation

Post by fabien85 » Mon Sep 09, 2019 5:34 am

accidental double post
Last edited by fabien85 on Mon Sep 09, 2019 5:38 am, edited 1 time in total.

fabien85
Level 7
Level 7
Posts: 1544
Joined: Tue Mar 11, 2014 4:30 pm

Re: Encryption on LM installation

Post by fabien85 » Mon Sep 09, 2019 5:35 am

gm10 wrote:
Sat Sep 07, 2019 3:50 am
fabien85 wrote:
Thu Sep 05, 2019 3:48 am
Yes you cannot use "full disk encryption" with the "something else" method.
Sure you can, see my simple guide here: [GUIDE] How to encrypt your new installation when dual booting

I do recommend using full disk encryption over home folder encryption. In particular the performance hit from home folder encryption can be quite severe in some scenarios.
Oh. I stand corrected. Thanks for the tutorial.
Last time I tried, this option "physical volume for encryption" must have been absent or I missed it. I did things manually following https://askubuntu.com/questions/293028/ ... 029#293029.
Maybe this is new to Mint 19. Things move fast.

Post Reply

Return to “Installation & Boot”