Disk Encryption CentOS 6

Disk encryption is not something most personal computer users think of when they consider ways to boost the security profile of their computer. A firewall? Yes, that in the minds of most is what computer security is all about. However, a firewall is a network security tool, and it is useless if your computer is lost or stolen. That is when disk encryption comes into play. And if you truly care about guarding access to your data, encrypting the hard drive holding it is just as important as a firewall.

So, how does encrypting a hard drive protect your data?

Well, if a hard drive (or the most important part of it) is encrypted, the computer will not boot completely until the passphrase or encryption key used to encrypt the hard drive is specified correctly. Even if the hard drive is removed from the original computer, the system will not boot if the encryption key is not specified. That is how it protects your computer (and data) from unauthorized physical access.

The first two images show what happens when a computer with an encrypted disk boots up. This one is from Mandriva, one of seven distributions listed in this article.
Startup screen

And this one is from Sabayon, also one of the seven. Whether the interface presented is graphical or plain text, the effect is the same. Without specifying the encryption key, you cannot log in. And if you lose the computer, or someone steals it, or if an agent of your government seizes it, they will need the passphrase from you to log in.
Sabayon 6 Passphrase Prompt

The focus of this article is on distributions with graphical installation programs. When installing such distributions, the installer only allows you to specify one passphrase or encryption key. However, you may configure seven more (for a total of eight) after installation. The article "How to manage disk encryption passphrases and key slots" explains how.
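
An added example, not part of the original article: a small shell helper that reads `cryptsetup luksDump` output and reports which of the eight key slots hold a passphrase. It assumes the installer created a LUKS1 volume (the format with the eight-slot limit); `/dev/sdX2`, `sample_dump` and `slot_report` are names made up for illustration, and the dump is constructed sample text.

```shell
#!/bin/sh
# Added example: audit the eight LUKS1 key slots from `cryptsetup luksDump`.
# On a real system, as root (/dev/sdX2 is a placeholder device):
#   cryptsetup luksDump /dev/sdX2 | slot_report
#   cryptsetup luksAddKey /dev/sdX2       # new passphrase in the next free slot
#   cryptsetup luksKillSlot /dev/sdX2 3   # revoke whatever is held in slot 3

# Constructed sample of LUKS1 luksDump output (header fields abbreviated).
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/sdX2

Version:        1

Key Slot 0: ENABLED
    Iterations:             123456
    Key material offset:    8
Key Slot 1: DISABLED
Key Slot 2: ENABLED
    Iterations:             120000
    Key material offset:    520
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
EOF
}

# Read luksDump text on stdin; print "enabled=<slots> free=<n> status=<word>".
# A LUKS2 header lists its slots differently and is reported as not-luks1.
slot_report() {
    awk '
        /^Key Slot [0-7]: (ENABLED|DISABLED)/ {
            seen++
            slot = $3; sub(":", "", slot)
            if ($4 == "ENABLED") { used++; list = list (list == "" ? "" : ",") slot }
        }
        END {
            if (seen != 8)      status = "not-luks1"
            else if (used == 0) status = "no-keys"
            else if (used == 1) status = "single-passphrase"   # no fallback key
            else if (used == 8) status = "full"                # luksAddKey will fail
            else                status = "ok"
            printf "enabled=%s free=%d status=%s\n", list, 8 - used, status
        }'
}
sample_dump | slot_report   # prints: enabled=0,2 free=6 status=ok
```

A `single-passphrase` result means losing that one passphrase locks the disk for good, and `full` means a slot must be revoked before another passphrase can be added.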


Without further ado, here are, in alphabetical order, the distributions with support for disk encryption.

  1. CentOS: – CentOS, Community ENTerprise Operating System, is a multi-purpose distribution based on Red Hat Enterprise Linux. It uses the Anaconda installer, also used on Fedora and Sabayon. LVM, the Linux Logical Volume Manager, is the default disk partitioning scheme, and to install CentOS on an encrypted disk, all that is required is to select the “Encrypt system” option at the disk partitioning methods step.
    Disk Encryption CentOS 6
  2. Debian: – Debian is a granddaddy of Linux distributions. It has an automated partitioning mode that encrypts a disk when setting up LVM. And, of course, you can also encrypt the disk without LVM.
    Debian Disk Encrypt

  3. Fedora: – LVM is the default disk partitioning scheme on Fedora, and like Debian, Fedora makes it very easy to encrypt a disk. Just select the “Encrypt system” option at the disk partitioning methods step and the installer will encrypt the Physical Volume.
    Partition options

    Even with the Physical Volume encrypted, you may also encrypt the logical volumes. And like Debian, if you choose to not use LVM, you can still encrypt the target disk.

    The following articles show how to configure disk encryption on Fedora:

  4. Mageia: – Mageia is a fork of Mandriva, and uses the same installation program. Unlike Debian and Fedora, it does not have an automated encrypted LVM option, but you can still configure encrypted LVM manually.
    Mageia LVM setup 5

    And without LVM, you can still encrypt the disk or disk partitions.
    Mageia Btrfs 8

    These articles show how to configure disk encryption on Mageia 1:

  5. Mandriva: – The installation program on Mandriva is the same one used on Mageia. LVM and non-LVM encryption schemes can be configured. How to configure encrypted LVM on Mandriva 2010 Spring gives a step-by-step guide on how to do it.
  6. PC-BSD: – The most popular BSD desktop distribution, based on FreeBSD. In the last stable release (PC-BSD 8.2), individual partitions or slices can be configured for encryption.

    In Snapshot releases of PC-BSD 9, which will be the next stable release, an option at the disk configuration step provides an automated encryption mode for the configured partitions. Unlike the Linux distributions in this article, PC-BSD’s installer can auto-generate the encryption key, besides the option to specify one manually. If you are new to PC-BSD, how to install PC-BSD on an encrypted ZFS file system is a good article to read.
    Disk Encryption on PC-BSD 9

  7. Sabayon: – Sabayon is a multi-purpose Linux distribution based on Gentoo, but uses a slightly modified version of Anaconda, the installation program on Fedora. The installation steps are the same as the original Anaconda, and you can use the same article written for Fedora to configure disk encryption on Sabayon. Disk encryption on Sabayon 5.3 shows how it is done on an older release. The latest stable release is Sabayon 6. Reviews of the GNOME and KDE editions have been published here and here.
  8. Ubuntu Alternate Installer: – Ubuntu supports disk encryption. However, it is not available on the popular edition, that is, the edition with a graphical installer. To install Ubuntu on an encrypted disk, you will have to use the alternate installer edition, which uses an ncurses installation program, a slightly modified version of the Debian ncurses Installer.
    Ubuntu Disk Encrypt

    The following articles show how to configure disk encryption on Ubuntu:



132 Responses

  1. Hi! I know this post is pretty old and you might not follow it anymore, but I try anyway.

    I installed Ubuntu 12.4 as you explained and everything went fine. I’ve set on my boot menu, priority first to the hard drive with Ubuntu installed, but it always loads Windows XP instead (installed in the main hard drive)

    Have I missed something? My Bios is a dual wefi bios.

    Thanks in advance for your help

  2. Hi, I wish I read this article before! My question is…Can I still do this after I installed 12.04 on the Slave Drive? What I mean, can I reinstall 12.04 and do it like you have in the article. What I would like is for the computer to boot to Windows Vista first. Right now it boots to 12.04 unless I don’t choose it before the 10 sec. run out. The first time I installed 12.04 on the Slave Drive I got this message: error: no such device: 42b5645e-9e24-4551-bdfe-259699182345 grub rescue>

    I was able to repair it and it works fine but, I would still like to boot to Windows first since we share the PC at home and not wanting to confuse anyone at.

    Sorry for the long question,

    -Mo

    1. You actually don’t need to reinstall anything. Just make the Vista HDD the primary one, then add an entry for Ubuntu in its boot manager.

      1. Thanks for your reply. I do have the Vista as the primary HDD but, it still wants to boot to 12.04 first and how do I add the entry for Ubuntu in the boot manager?

        1. To add an entry for Ubuntu in the Windows boot manager, you’ll have to use EasyBCD, as described in this article.

          Btw, what type of computer are you attempting to install this on?

  3. Hi,

    I have two drives. Every time I go to install windows, no matter which drive I choose, when I go to install Ubuntu it shows Windows as being on /dev/sdb. How can I force Windows to be on /dev/sda?

    1. I think you have to set the primary boot disk in the BIOS or UEFI utility. Then install Windows on that. When it comes time to install Ubuntu, it should correctly detect that Windows is on sda.

      Do that and let me know if it worked out like that.

      1. Hi- thanks for replying. I don’t have the ability to select primary disks in the BIOS (I am using a Lenovo x230 thinkpad). All I had was an option to “lock” the boot priority order. The reason I must get Windows on sda is because Windows won’t hibernate unless it’s on sda in a two-disk installation…..

        1. If there’s an option to lock the boot priority order, there ought to be one to (re)set the boot order before locking it. Is your x230 thinkpad one of those with 2 HDDs or 2 SSDs?

          Since I don’t have one on hand, you might want to call Lenovo to ask their help on this, because I doubt that it’s really impossible to change the boot disk order.

          1. Two SSDs. Sorry I should be more clear- I can change the boot order fine- but this does not seem to be the same as setting the primary and secondary drive. I say this because when Windows kept getting relegated to /dev/sdb this disk was the first disk in the boot priority before I installed Windows 7.

  4. I just added a second HDD and created a volume on it but when installing Ubuntu 12.04 only dev/sda is displayed and sdb is not being recognized.

    The second HDD does appear in the device manager and Windows Explorer in Windows 7.

    Any tips?

    1. So you have Ubuntu and Windows dual-booted on sda and added a 2nd HDD to the system. Is that right? If not, explain what exactly you are trying to do.

      1. Sorry about that, here it goes:

        I have a computer with Windows 7 installed on the existing HDD and have added a second HDD, but have not yet installed Ubuntu.

        When I attempt to install Ubuntu from the live CD I get as far as the “Installation Type” screen depicted in your instructions after selecting “Something else”.

        On this page only my first HDD is displayed (sda) and “sdb” is not listed as an option. It does not appear that Ubuntu is recognizing the second drive.

        Thank you for the tutorial and your help!

        1. Todd,

          Did you format your new HDD in Windows? Just plugging it in to the motherboard and power isn’t enough. Check under “My Computer” to see if the new drive appears.

          If not: 1) Go to Control Panel, and in the search box (top right of screen) type in “disk management”.

          2) Select “Create and Format Hard Disk Drive Partitions”

          3) You’ll see a display of all your HDDs. The new one will probably be “Disk 1” and should be shown with a black bar. Right click on the name, and choose “Initialize disk”, then “MBR”.

          4) Now you need to allocate it. If the new volume wizard doesn’t come up automatically, right click on the box for the partition and follow the cues. Format should be quick format, NTFS. You can do the partitioning you’ll want for Linux now, or just leave it as one single partition now, and subdivide later when you install Linux.

          5) OK, check your work: go back to My Computer and verify that you can see the new HDD with the volume label and drive letter you gave it. If so, then reboot the live CD/USB and you should see your new drive.


  5. Great tutorial! I am new to this and have two quick questions. If I did everything as said in this tutorial but wanted to have a partition within the second hard drive(linux one) that I could access while in windows, how would I do that?

    Second, if I want to have multiple distributions of linux also installed on the second hard drive, would I simply leave extra space and then do these steps with other distro and grub will allow me to select from the 3 OS’s?

    1. To the 2nd question, the answer is a yes.

      If you want to use a partition on the 2nd HDD for Windows, then just leave enough free space for it and create an NTFS partition using that space from inside Windows, though doing that defeats the whole point of using 2 HDDs for this, which is to keep both OSs completely separate.

      Note that you cannot access a Linux partition from Windows, so don’t even try doing that.

  6. Hello,

    I’ve installed Windows 7 on /sda and after, Ubuntu on /sdb.
    If I set in BIOS to boot from /sda, Windows 7 loads up, which is normal. If I set up to boot from /sdb, GRUB appears asking me which OS I want to load. If I go for Ubuntu, everything works fine but if I go for Windows 7, an error appears (“NTLDR is missing. Press Ctrl+Alt+Del to restart”). When Ubuntu was installed I made sure to set as device for boot loader /sdb1 (which is /boot partition). Should it be /sdb instead of /sdb1? Or there’s no difference? Am I missing something here?

    Thanks in advance!

    1. Yes, the device for boot loader should have been sdb instead of sdb1. Not saying that’s the cause of the problem, but you never know…

      So you can log into Ubuntu, type grub-install /dev/sdb, then type update-grub

      You can then make sdb the default boot device, so you get to choose between Windows or Ubuntu whenever you reboot.

      1. I did what you said, but the problem persists. I see the entry for Win7 but it won’t boot from it.

        At the end of “grub.cfg” I found this:

        menuentry "Windows 7 (loader) (on /dev/sda3)" {
        insmod ntfs
        set root='(hd0,3)'
        search --no-floppy --fs-uuid --set D62C67872C67618B
        chainloader +1
        }

        Do you find anything wrong in this entry?
        Thanks a lot for all the help 🙂

      2. I reinstalled Ubuntu with device for boot loader as /sdb instead of /sdb1, with same result.
        I solved the problem in the end using EasyBCD for adding an entry in Win7 loader for Ubuntu’s GRUB.

        Thank you once again!
