How to install Debian with encrypted / and passphrase required before login-screen?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.



Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo. So, the question is:



How do I get to install Debian with a passphrase for encrypted / asked before the login screen?



This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.










share|improve this question



























    up vote
    2
    down vote

    favorite












    I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.



    Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo. So, the question is:



    How do I get to install Debian with a passphrase for encrypted / asked before the login screen?



    This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.










    share|improve this question

























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.



      Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo. So, the question is:



      How do I get to install Debian with a passphrase for encrypted / asked before the login screen?



      This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.










      share|improve this question















      I'm trying to install Debian in my Dell inspiron 8GB ram + 500GB HD. Althought I could install it without any problems with the regular install and even with a few modifications, I'm trying to maximize my computers security, and therefore I would like to have the / folder encrypted.



      Not only that, I would also like that the passphrase for it's encryption was asked before the login screen loaded. The computer will have only one user, and root permissions run trough sudo. So, the question is:



      How do I get to install Debian with a passphrase for encrypted / asked before the login screen?



      This is my initial idea to assure security, but I'm open to new ideas and other devices I can use for that purpose.







      debian system-installation encryption






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Sep 8 '13 at 9:52









      Anthon

      58.7k1796159




      58.7k1796159










      asked Sep 8 '13 at 9:31









      user189838

      111




      111




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote













          How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).



          http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition






          share|improve this answer



























            up vote
            2
            down vote













            Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!



            Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.



            Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:



            • Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)

            • I had lagging problems with using BTRFS. Better use EXT4 or XFS.

            Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.



            Good luck!






            share|improve this answer






















              Your Answer







              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "106"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              convertImagesToLinks: false,
              noModals: false,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













               

              draft saved


              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f89842%2fhow-to-install-debian-with-encrypted-and-passphrase-required-before-login-scre%23new-answer', 'question_page');

              );

              Post as a guest






























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              2
              down vote













              How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).



              http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition






              share|improve this answer
























                up vote
                2
                down vote













                How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).



                http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition






                share|improve this answer






















                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).



                  http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition






                  share|improve this answer












                  How about setting up encrypted LVM during installation? It's pretty straight forward to setup, just follow the instructions during installation and when you're done you will be asked for a password every time before the OS boots (and then at your user login too).



                  http://www.debian.org/releases/stable/amd64/ch06s03.html.en#di-partition







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Sep 8 '13 at 10:00









                  phatypus

                  1735




                  1735






















                      up vote
                      2
                      down vote













                      Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!



                      Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.



                      Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:



                      • Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)

                      • I had lagging problems with using BTRFS. Better use EXT4 or XFS.

                      Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.



                      Good luck!






                      share|improve this answer


























                        up vote
                        2
                        down vote













                        Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!



                        Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.



                        Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:



                        • Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)

                        • I had lagging problems with using BTRFS. Better use EXT4 or XFS.

                        Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.



                        Good luck!






                        share|improve this answer
























                          up vote
                          2
                          down vote










                          up vote
                          2
                          down vote









                          Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!



                          Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.



                          Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:



                          • Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)

                          • I had lagging problems with using BTRFS. Better use EXT4 or XFS.

                          Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.



                          Good luck!






                          share|improve this answer














                          Use DM-crypt with LUKS. Make sure not to put important data in it without a backup when still testing! Losing your encryption keys = certain data loss!



                          Furthermore, you can choose to use a password, but you can also choose to use a keyfile. A keyfile can be stored on a separate flash drive or something, together with your /boot directory contents, so that nobody could ever get in your hard drive by guessing the password. Additionally, when you boot from the flash drive, you can choose not to password protect the keyfile, so booting up will happen transparently to you as a user.



                          Encryption does make your system a bit slower and less responsive to opening large files. Some recommendations:



                          • Don't create root on an external USB 2 hard drive. (Slow + slow = really slow)

                          • I had lagging problems with using BTRFS. Better use EXT4 or XFS.

                          Arch has an excellent wiki page about DM-crypt with LUKS. I followed it for my Gentoo box a year or 2 ago.



                          Good luck!







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited Aug 13 at 10:59









                          Jeff Schaller

                          32.5k849110




                          32.5k849110










                          answered Sep 8 '13 at 9:52









                          Tim

                          507211




                          507211



























                               

                              draft saved


                              draft discarded















































                               


                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f89842%2fhow-to-install-debian-with-encrypted-and-passphrase-required-before-login-scre%23new-answer', 'question_page');

                              );

                              Post as a guest













































































                              Popular posts from this blog

                              How to check contact read email or not when send email to Individual?

                              Displaying single band from multi-band raster using QGIS

                              How many registers does an x86_64 CPU actually have?