Ubuntu Netbook Remix / Desktop Home Encryption

Posted in Privacy, Security on May 2nd, 2009 by Justin Case

So last week I got my new Acer Aspire One, awesome little netbook here. First things first, I had to remove Windows XP Home and put Ubuntu 9.04 on it. Everything runs pretty good, the webcam works, and the microphone works properly after setting the sound capture to ‘HDA Intel ALC268 Analog (ALSA)’.

Being so small I wanted to encrypt the hard drive with LUKS, in case it was stolen or lost. Initially I used the alternative install ISO to do this. The install was complicated due to the installer complaining about the lack of a CD drive, and the performance hit was just too big. So, I decided to use the Netbook Remix and do just /home encryption, as that is where most settings and personal files should be stored.

The regular desktop ISO and the netbook IMG do not offer encryption during installation, so here is how I accomplished it.

Download the Desktop ISO or Netbook Remix IMG.
Write the ISO or IMG to your media (in my case I used a usb thumb drive).

Boot into the LiveCD from your USB stick (or CD if you have a CD drive).

Start the installation, and choose to manually partition your drive.

Make two partitions. One for your / and one for swap. I have a 160gb HDD and did the following:

/dev/sda1 – 30gb – ext4 – mount as /
/dev/sda2 – 2gb – SWAP

Leave the remaining space unallocated; it will be used for your future /home.

Go ahead and install as normal.

When I created my user, I chose to have it log in automatically, since once we are done a password will be required to mount /home anyways.

Once done, boot up into your fresh install.

You will need to connect to the Internet.

I went ahead and updated my install.

Then go to (System > if you're using the Desktop version) Administration > Software Sources.

Make sure all the repositories are enabled, and up to date.

Now open a terminal.

Become root
sudo -s

Install the package ‘cryptsetup’
apt-get install cryptsetup

Install the package gparted
apt-get install gparted

Run gparted
gparted

Using gparted, partition the unallocated space as ext3. I used /dev/sda3.

Now create the LUKS partition

cryptsetup --verify-passphrase --verbose --hash=sha256 --cipher=aes-cbc-essiv:sha256 --key-size=256 luksFormat /dev/sda3

Set up the device mapper
cryptsetup luksOpen /dev/sda3 home

Create the file system
mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/home

Mount the partition
mount -t ext3 /dev/mapper/home /mnt

Copy your home dir
cp -axv /home/* /mnt/

Unmount the partition
sudo umount /mnt

Edit /etc/fstab to use the new encrypted home dir
nano /etc/fstab

Add this line to the bottom of /etc/fstab
/dev/mapper/home /home ext3 defaults 1 2

Edit /etc/crypttab to decrypt the new home dir on boot
nano /etc/crypttab

Add this line to /etc/crypttab
home /dev/sda3 none luks
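
Before rebooting, it is worth confirming that the two edits agree with each other. The following check is an added example, not part of the original post: it verifies that /home in fstab points at a /dev/mapper name that crypttab opens with the luks option. The function name and return codes are made up for illustration, and the sample files are constructed from the two lines shown above.

```bash
#!/bin/bash
# Added example: verify the fstab -> crypttab chain for /home.
# Assumption: the "luks" option marks the entry, as in this post's crypttab line.
# Returns: 0 ok, 1 no /home entry, 2 /home not on /dev/mapper,
#          3 mapping missing from crypttab, 4 entry lacks "luks".
check_home_encrypted() {
    local fstab="$1" crypttab="$2" dev name entry opts
    # Device of the first non-comment fstab line whose mount point is /home.
    dev=$(awk '$1 !~ /^#/ && $2 == "/home" { print $1; exit }' "$fstab")
    if [ -z "$dev" ]; then
        echo "no /home entry in fstab"; return 1
    fi
    case "$dev" in
        /dev/mapper/*) name=${dev#/dev/mapper/} ;;
        *) echo "/home is mounted from $dev, not a mapped device"; return 2 ;;
    esac
    # Options field of the crypttab line for that mapping; the "x" prefix
    # separates "entry with no options" from "no entry at all".
    entry=$(awk -v n="$name" '$1 !~ /^#/ && $1 == n { print "x" $4; exit }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "mapping '$name' has no crypttab entry"; return 3
    fi
    opts=${entry#x}
    case ",$opts," in
        *,luks,*) echo "ok: /home -> $dev (luks)"; return 0 ;;
        *) echo "mapping '$name' lacks the luks option"; return 4 ;;
    esac
}

# Constructed sample input: the two lines from this post, plus a variant
# where /home was left on the raw partition.
tmp=$(mktemp -d)
echo '/dev/mapper/home /home ext3 defaults 1 2' > "$tmp/fstab"
echo 'home /dev/sda3 none luks' > "$tmp/crypttab"
echo '/dev/sda3 /home ext3 defaults 1 2' > "$tmp/fstab.plain"
check_home_encrypted "$tmp/fstab" "$tmp/crypttab"
check_home_encrypted "$tmp/fstab.plain" "$tmp/crypttab" || true
rm -rf "$tmp"
```

On the installed system, run it as `check_home_encrypted /etc/fstab /etc/crypttab`.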

Reboot. Now you should be using your new encrypted home dir.

To remove your old /home files, you will need to boot back into the LiveCD and run the following in a terminal:
sudo -s
mkdir temp1
mount /dev/sda1 temp1
cd temp1/home/ && rm -rf *

Now you should be all done. If you had any sensitive data in the old /home you may wish to install a secure delete program like ‘wipe’ while running off the LiveCD and do a secure delete.

I plan to do encryption of the swap file as well; please check back for that future post.

I would like to thank Kilobit for the Acer Aspire One to play with.

I used this post as my reference when initially trying /home encryption.

You can find me as ‘Dox’ or ‘TheDox’ on efnet in #ubuntu and #wifi.
