Ubuntu – How to truly secure a hard-drive

encryption, hard drive, partitioning, security

When I boot my laptop from a USB stick, I am able to mount and connect through chroot to my hard drive and browse my files without a problem. While this has been very useful at times, I figure it would also be way too easy for someone else to access my files and installation.

What alternatives do I have to secure my hard drive?

Best Answer

One word: LUKS

LUKS is a full-disk encryption method. At boot time, you have to enter a passphrase. With the given passphrase, a key slot is unlocked and the actual key for encrypting the data is retrieved. LUKS can be seen as an encrypted partition which holds another partition.

Because most users have multiple partitions (the / partition and swap), it's often used with LVM to avoid having to enter a password for each LUKS encrypted partition. LVM can be seen as a special partition holding multiple partitions (simplified). The structure would look like this:

Disk
+-LUKS partition
  +-LVM partition
    +-/
    +-/home
    +-swap

Using the alternate CD, you can create a new installation using LVM + LUKS. Within the disk partitioning step, an option is visible for copying data from another partition. If you do not mind reinstalling the whole system, back up your files and settings and do a new installation using the alternate CD.

For more accurate documentation of LUKS (cryptsetup), see the Cryptsetup FAQ.
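
A check for the layout described above, as an added example that is not part of the original answer: it walks `lsblk --json` output and reports, for each mounted filesystem and active swap, whether a `crypto_LUKS` device sits above it. The sample tree, its device names and the unencrypted `/boot` partition are constructed for illustration.

```python
import json
import subprocess

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` for the
# Disk -> LUKS -> LVM layout in the answer, plus an unencrypted /boot.
SAMPLE = """
{"blockdevices": [
 {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
  {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
   {"name": "sda2_crypt", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
    {"name": "vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
    {"name": "vg-home", "type": "lvm", "fstype": "ext4", "mountpoint": "/home"},
    {"name": "vg-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}]}]}]}
]}
"""


def audit(lsblk_json):
    """Return {mountpoint: bool}; True when a crypto_LUKS device sits above it."""
    result = {}

    def walk(node, encrypted):
        # Everything below a crypto_LUKS container inherits its protection.
        encrypted = encrypted or node.get("fstype") == "crypto_LUKS"
        if node.get("mountpoint"):
            result[node["mountpoint"]] = encrypted
        for child in node.get("children", []):
            walk(child, encrypted)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result


def live_lsblk():
    """Query the running system (needs a util-linux lsblk that supports --json)."""
    return subprocess.run(
        ["lsblk", "--json", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for mount, ok in sorted(audit(SAMPLE).items()):
        print(f"{mount:8} {'under LUKS' if ok else 'NOT ENCRYPTED'}")
```

Pass `live_lsblk()` instead of `SAMPLE` to audit the running machine; anything reported as not encrypted can still be read by whoever boots the laptop from a USB stick.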
