Linux and BSD desktop distributions with support for disk encryption

Disk encryption is not something most personal computer users think of when they consider ways to boost the security profile of their computer. A firewall? Yes, that in the minds of most is what computer security is all about. However, a firewall is a network security tool, and it is useless if your computer is lost or stolen. That is when disk encryption comes into play. And if you truly care about guarding access to your data, encrypting the hard drive holding it is just as important as a firewall.

So, how does encrypting a hard drive, protect your data?

Well, if a hard drive (or the most important part of it) is encrypted, the computer will not boot completely until the passphrase or encryption key used to encrypt the hard drive is specified correctly. Even if the hard drive is removed from the original computer, the system will not boot if the encryption key is not specified. That is how it protects your computer (and data) from unauthorized physical access.

The first two images show what happens when a computer with an encrypted disk boots up. This one is from Mandriva, one of seven distributions listed in this article.
Startup screen

And this one is from Sabayon, also one of the seven. Whether the interface presented is graphical or full of a bunch of text, the effect is the same. Without specifying the encryption key, you cannot login. And if your lose the computer, or someone steals it, or if an agent of your government seizes it, they will need the passphrase from you to log in.
Sabayon 6 Passphrase Prompt

The focus of this article is on distributions with graphical installation programs. When installing such distributions, the installer only allows you to specify one passphrase or encryption key. However, you may configure seven more (for a total of eight) after installation. How to manage disk encryption passphrases and key slots, explains how.

Without further ado, here are, in alphabetical order, the distributions with support for disk encryption.

  1. CentOS: – CentOS, Community ENTprise Operating System, is a multi-purpose distribution based on Red Hat Enterprise Linux. It uses the Anaconda installer, also used on Fedora and Sabayon. It uses LVM, the Linux Logical Volume Manager, as the default disk partitioning scheme and to install it on an encrypted disk, all that is required is to select the “Encrypt system” option at the disk partitioning methods step.
    Disk Encryption CentOS 6
  2. Debian: – Debian is a grand daddy of Linux distributions. It has an automated partitioning mode that encrypts a disk when setting up LVM. And, of course, you can also encrypt the disk without LVM.
    Debian Disk Encrypt

  3. Fedora: – LVM is the default disk partitioning scheme on Fedora, and like Debian, Fedora makes it very easy to encrypt a disk. Just select the “Encrypt system” option at the disk partitioning methods step and the installer will encrypt the Physical Volume.
    Partition options

    Even with the Physical Volume encrypted, you may also encrypt the logical volumes. And like Debian, if you choose to not use LVM, you can still encrypt the target disk.

    The following articles show how to configure disk encryption on Fedora:

  4. Mageia: – Mageia is a fork of Mandriva, and uses the same installation program. Unlike Debian and Fedora, it does not have an automated encrypted LVM option, but you can still configure encrypted LVM manually.
    Mageia LVM setup 5

    And without LVM, you can still encrypt the disk or disk partitions.
    Mageia Btrfs 8

    These articles show how to configure disk encryption on Mageia 1:

  5. Mandriva: – The installation program on Mandriva is the same one used on Mageia. LVM and non-LVM encryption schemes can be configured. How to configure encrypted LVM on Mandriva 2010 Spring gives a step-by-step guide on how to do it.
  6. PC-BSD: – The most popular BSD desktop distribution, based on FreeBSD. In the last stable release (PC-BSD 8.2), individual partitions or slices can be configured for encryption.

    In Snapshot releases of PC-BSD 9, which will be the next stable release, an option at the disk configuration step provides an automated encryption mode for the configured partitions. Unlike the Linux distributions in this article, PC-BSD’s installer can auto-generate the encryption key, besides the option to specify one manually. If you are new to PC-BSD, how to install PC-BSD on an encrypted ZFS file system is a good article to read.
    Disk Encryption on PC-BSD 9

  7. Sabayon: – Sabayon is a multi-purpose Linux distribution based on Gentoo, but uses a slightly modified version of Anaconda, the installation program on Fedora. The installation steps are the same as the original Anaconda, and you can use the same article written for Fedora to configure disk encryption on Sabayon. Disk encryption on Sabayon 5.3 shows how it is done on an older release. The latest stable release is Sabayon 6. Reviews of the GNOME and KDE editions have been published here and here.
  8. Ubuntu Alternate Installer: – Ubuntu supports disk encryption. However, it is not on the popular edition, that is, the edition with a graphical installer. To install Ubuntu on an encrypted disk, you will have to use the alternate installer edition, which uses an ncruses installation program, a slightly modified version of the Debian ncurses Installer.
    Ubuntu Disk Encrypt

    The following articles showing how to configure disk encryption on Ubuntu:

Related Posts

How to install and configure Adobe Flash Player 10.3 on Fedora 15 Fedora 15, code-named Lovelock, does not ship with commercial applications. Which means that you are not able to install essential applications like A...
How to install S3QL from source on Fedora 19 S3QL is an online file system for UNIX-like operating systems that provide features like compression, encryption, data de-duplication, immutable trees...
Windows 7 disk partitioning annoyance Today I made an attempt to dual-boot Windows 7 and BackTrack 5 R3 on a single hard disk drive (HDD), but on a computer with two internal HDDs. From th...
3D printer software in Fedora 19 Now that 3D printing is a hot topic in the DIY community, and those tend to favor free software principles, it's only fair that 3D printer software sh...
3 minutes with GNOME 3.4 built-in desktop recorder GNOME 3.4 was released a couple of days ago. A summary of the new features and screen shots have been posted here and here. Two features that I pro...
How to dual-boot BackTrack 5 R2 and Ubuntu 12.04 BackTrack Linux is now known as Kali Linux. You may read all Kali Linux articles and tutorial at Yet a...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


  1. Pingback: Links 6/8/2011: Catching Up With a Week Ago | Techrights

  2. openSUSE also supports encryption&LVM. It does much better job then Debian (I didn’t test the others).

  3. djohnston

    PCLinuxOS has support for encrypted partitions in a full GUI.

  4. Pingback: Distros with disk encryption « 0ddn1x: tricks with *nix

  5. Actually Ubuntu Alternate Installer is Debian default installer.

Leave a Comment

Your email address will not be published. Required fields are marked *