You are not logged in.
Pages: 1
Hi all,
I'm new to Bunsenlabs. I've installed it this morning on my laptop and i'm enjoying it. I had to fix an audio issue where my fn volume keys were not working in Bunsenlabs by following this post. Now that's fixed, I just have one question: is my home directory encrypted? I know other distributions have the ability to encrypt the home directory, so does Bunsenlabs? And is it done by default? If not, how can I do it?
Thanks in advance!
Offline
Did you mean to post in the Crunchbang Waldorf support forum? If not we can move it to an appropriate place, like "System Administration"
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
Sorry yes, if it could be moved that'd be good. Thanks!
Offline
https://wiki.debian.org/TransparentEncr … HomeFolder
and
Look before you leap into Disk Encryption
NB The Help menu has extensive links to Debian system management etc
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
si20,
Unfortunately, there is currently no option in the Debian installer in order to select disk encryption. BL uses the Debian installer.
If you're used to some other distros like Ubuntu or Mint, they use their own installers which generally will offer that option during the install process.
With BL, you'll have to manually set it up.
Offline
Unfortunately, there is currently no option in the Debian installer in order to select disk encryption.
There is, actually, I've used it in the past.
"encrypted LVM" is available on the BunsenLabs installer too:
...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )
Offline
Thanks for that correction, John.
I wish I would have seen that option during install, at least for the home folder.
Is that option in the graphical install?
Thanks,
GM
Offline
^yes. I've just checked, and did an encrypted install (whole disk, except for grub) on a virtual machine.
Very easy - you just have to set a passphrase, basically.
Once installed, after the grub boot screen, you enter the passphrase in the tty before going on to the LightDM login screen.
Last edited by johnraff (2017-02-03 06:00:38)
...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )
Offline
Here is a detailed "how to" of #BĹ full disk encryption:
https://forums.bunsenlabs.org/viewtopic.php?id=1272
If I'm not mistaken it's also possible to create only an encrypted home directory via installer (on a logical volume group just encrypt home ((lvm home))). There are also several easy to find tutorials on the net of encrypting the home folder afterwards. Did not try this method though, somehow setting it up from the beginning seems to be easier.
Offline
Which way you jump depends why you're encrypting, there are some use cases on multi-user systems that might justify setting up encrypted /home as linked by @damo "in case my computer / hard drive gets stolen" isn't one that justifies the extra pain compared to setting up encrypted LVM during install, in the latter much more common case whole disk encryption (encrypted LVM for Linux, veracrypt / bitlocker for Windows) is the more reliable and less error prone option, if you have one there's even more to be said in favour of a self encrypting drive and a default install. The KISS principle is doubly important with encryption, because an error or failure resulting in massive unrecoverable data loss is much more likely.
As soon as you start down the encryption road, the importance of backing up your data quadruples (at least), and gets complicated more by the potential need (depending on threat model) to encrypt your backups too...
Also beware the extra BL GOTCHA if you manually encrypt /home namely that graphical login breaks because LightDM calls a script which checks for things that aren't yet decrypted, errors silently, and dumps you back at the login screen in an endless circle.
Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me
Offline
Pages: 1