Rootfs Encryption on Ubuntu 16.04
#1
Brick 
Hi guys,


do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?


Thanks in advance  Wink
  Reply
#2
there is no reason to encrypt the entire rootfs so i think the best approach is to not do it. however, if i do encrypt data there is certainly no reason to automatically decrypt on startup since anyone who steals the device would only need to turn it on to gain access to un-encrypted data.
  Reply
#3
(05-05-2017, 05:03 AM)saro Wrote: do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
  Reply
#4
Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
  Reply
#5
(05-05-2017, 10:59 PM)dkryder Wrote: there is no reason to encrypt the entire rootfs so i think the best approach is to not do it. however, if i do encrypt  data there is certainly no reason to automatically decrypt on startup since anyone who steals the device would only need to turn it on to gain access to un-encrypted data.
Hi dkryder,
I must garantee that my system can run only on a specific pine64 machine and must be unreadable when connect the sd card on other machines.

(05-06-2017, 03:45 AM)pfeerick Wrote:
(05-05-2017, 05:03 AM)saro Wrote: do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
Hi pfeerick,
I must garantee also that the system tools installed, and the type and version of the OS must be unreadable with an sd card analysis.

(05-09-2017, 02:48 PM)bobpaul Wrote: Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
Hi bobpaul,
my idea is a fully encrypted System coupled with a start on a specific pine64 machine only.
  Reply
#6
well i know that the new win 10 pro [not home] has bitlocker which can fully encrypt sd cards and flash drives making then unusable to anyone. but the downside is that you would have to un-encrypt to use and then encrypt after each use plus you need win 10 pro. but there may be other programs that can do this.
  Reply
#7
(05-11-2017, 05:09 AM)dkryder Wrote: well i know that the new win 10 pro [not home] has bitlocker which can fully encrypt sd cards and flash drives making then unusable to anyone. but the downside is that you would have to un-encrypt to use and then encrypt after each use plus you need win 10 pro. but there may be other programs that can do this.

Hi dkryder,
sorry but my intent is another, similar to automated procedure followed by
Ubuntu installer software, in which is possible to crypt all rootfs and swap partition
and decrypt them on startup.
  Reply
#8
(05-17-2017, 04:01 AM)saro Wrote: sorry but my intent is another, similar to automated procedure followed by
Ubuntu installer software, in which is possible to crypt all rootfs and swap partition
and decrypt them on startup.

I suggest you have a look eCryptfs then as that is the tool that Ubuntu uses to encrypt the /home partition as part of a new install.

dm-crypt and truecrypt (now veracrypt) are two other possibilities... though I don't know how you'll fare as far as getting them to work on the pine64. This guide may give you some guidance on how and what to use.
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  SPI on ubuntu IlyaM 4 1,256 07-16-2018, 03:00 AM
Last Post: kingflab
  Ubuntu password not working joemassimino 4 672 05-18-2018, 03:33 PM
Last Post: Luke
  After flashing Ubuntu- how to get graphical desktop Partymack711 6 1,513 02-01-2018, 09:45 AM
Last Post: Partymack711
  (ARCHIVED) Ubuntu Xenial Image (BSP Kernel) longsleep 337 146,548 01-31-2018, 11:58 AM
Last Post: Luke
  PPTP doesnt work with ubuntu escovedo 2 2,005 08-23-2017, 09:28 AM
Last Post: gilbertotcc
Question HELP Ubuntu Mate password recovery procedure Captain Anni Hilator 5 1,898 08-03-2017, 03:52 PM
Last Post: Luke
  Ubuntu boot very slow with wifi driver remainder 9 2,053 08-03-2017, 07:23 AM
Last Post: victorssantos
  Recovering root access in Ubuntu Scientomancer 3 656 07-28-2017, 02:53 PM
Last Post: Scientomancer
  Pine64 2Gb Ubuntu Mono not updating and stuck petec 0 569 07-08-2017, 09:34 AM
Last Post: petec
  Ubuntu Xenial - Firefox add support for H264 and EAC3 klode 1 1,413 05-26-2017, 11:10 AM
Last Post: Gnx

Forum Jump:


Users browsing this thread: 1 Guest(s)