mjhjmtu

I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.

Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo. So, the question is:

How do I get to install Debian with a passphrase for encrypted / asked before the login screen?

This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.

How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).

http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition

Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!

Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.

Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:

• Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)


• I had lagging problems with using BTRFS. Better use EXT4 or XFS.

Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.

Good luck!