encrypt a multi boot linux system

Discussion in 'privacy technology' started by lockitdown, Feb 10, 2012.

Thread Status:
Not open for further replies.
  1. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA
    I see many tutorials for encrypting a dual boot windows/linux system using truecrypt, but I don't see anything about how to encrypt a multi-linux system. I am a consultant and have separate installs for each client since I don't want to co-mingle their intellectual property (so 5 installs of Ubuntu to be exact). This works well, but I'd like to add the extra layer of encryption so that if my laptop is ever stolen their data is encrypted. Could someone point me in the direction of whole drive encryption on a system that has multiple linux installs?
     
  2. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    So what are you saying, you're running 5 versions of Ubuntu on the same box?

    LUKS is the best way I've seen to use encryption in Linux, but each distro does things differently so unless the person here you are asking uses this distro and has done it, then you're going to have to go back to the distro, as I'm assuming Ubuntu and look with them for how to set up LUKS, it's also going to be based on the version too...

    I did some digging and here's some info;

    https://help.ubuntu.com/community/EncryptedFilesystemHowto

    You should have also done this in the beginning when setting up the box;

    http://www.linuxbsdos.com/2011/05/09/home-directory-and-full-disk-encryption-in-ubuntu-11-04/

    http://www.linuxbsdos.com/2011/05/10/how-to-install-ubuntu-11-04-on-an-encrypted-lvm-file-system/

    If we are talking about encrypting partitions you need to do this before you install anything on it since the partition needs to be created and setup for a LVM...

    Maybe something like with Truecrypt it can be encrypted without destroying the data, I don't know because I don't use it but with LUKS it will because part of the process is filling the partition with random data...

    So it seems like everything is already installed and running, then your best bet is going to be to just use TrueCrypt and make some containers in a directory of your choice that are encrypted and place their data in those, instead of having encrypted partitions...
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Can't you just encrypt each /home directory on each install? Linux newb here.

    PD
     
  4. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Yep my bad, if you have different partitions you can certainly encrypt just that one, but most people installing Ubuntu only have / and that's all...
     
  5. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA
    Thanks for your replies. You are absolutely right that Ubuntu (and a few other distros) allow for full drive encryption on install. Unfortunately there is no way to add additional installs once that's done. So in this specific case where I need to have multiple installs of Ubuntu that I can boot into that's not an option. I have seen tuts for doing whole drive encryption with truecrypt if it's a multi-boot windows/linux setup but not for multi boot linux. My impression in looking into it is that truecrypt has an easier time with the Windows boot manager than with grub although tbh I'm not exactly sure why that is. That first link from DasFox looks interesting -- strange, when I was googling around trying to find something like that everything I found in the Ubuntu forums was for a really old release (7.10 vs 10.4 LTS which I'm using). So I really appreciate your passing that along. What I was really hoping for was whole drive encryption where I could have one master pass for the encrypted drive, but in looking around I think I'll end up doing what PaulyDefran suggested which is to encrypt the partitions I need to protect. A few extra passwords I guess, but at least the data will be protected. Thanks to you both for taking the time to reply.
     
  6. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    The question in my mind is why are you running 5 different versions of Ubuntu on the same box?

    This is not exactly the way to do this, you should be doing this virtualized if also security is your concern, this is a part of what virtualization is about, plus having access to several systems without having to bootup to each one every time you need them.

    I highly suggest if you need to deal and work with this many systems at one time you start getting into using VirtualBox or VMware...
     
  7. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA
    Thanks for the advice. I actually tried the Virtualbox approach before and it did work to a degree but ultimately didn't work out because of slowness in connecting to the VirtualBox as an http host. Each install is pretty much a web server environment and is separate from my development environment. Unfortunately the lag in connecting to the VirtualBoxes network from a browser on the host to view a page can get to be intolerably long especially after a couple of hours of development -- sometimes longer than 10 secs just to load a web page. Excruciatingly long if much of your day involves making a few changes and reloading a page. I found I would have to restart the virtual machine and sometimes my dev tools several times a day which got to be a pain -- and that was on an intel i7 w/ 8GB ram. Separate installs just work better for me with what I need to do, and prevents the possibility of co-mingling data or accidentally violating an NDA when screensharing with a client. It would be ideal to encrypt the whole drive >> enter one passwd >> forward to grub boot choices like in a truecrypt/ windows+ linux multiboot but it looks like that's not possible so likely I'll end up encrypting partitions that need protection. But thanks again for the links and for taking the time to reply.
     
  8. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    You can encrypt an entire drive, but when most people say that, we are thinking one OS, meaning the partitions are encrypted. I think you're confusing yourself maybe, thinking I have 5 therefore I can't have entire encryption, yes you can if you did it in the beginning when you first installed everything...

    LUKS is a Linux app, it needs the system to run on/from...

    From all I've read, yes the entire drive can be encrypted which is like saying the / and swap but that's for one OS... So with 5 that means 5 / and 5 swap are then encrypted and that's your entire drive if those are the only two partitions you have, you see? ;)

    LUKS is the best in hard drive encryption for Linux, it seems like every distro has it...

    http://code.google.com/p/cryptsetup/

    But you do LUKS at the beginning of an install if you want it for the entire drive, is what you could have done, if they are all on their own partitions of the hard drive, then it shouldn't matter, it's looked at like its own OS, nothing to do with the others that should affect it...

    There is no such thing as installing full hard drive encryption with an OS installed on the drive, the system needs to be wiped so the drive can be prepared.

    The only thing you can do now, if you made other partitions is encrypt one of those after you move out the data, if you just did a default Ubuntu install then you're only going to have just / and swap is all, so the only thing you can do now is just use Truecrypt and make some encrypted directories and files...

    You might also want to look later into Type 1 Hypervisor Virtualization, from VMware and Citrix, then it runs right off your own hardware...
     
    Last edited: Feb 16, 2012
  9. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA

    I actually tried that initially, thinking that I would do the first install using Ubuntu alternate dvd, encrypt the whole drive then add more installs side by side. The problem I ran into was that on trying to install the second system, the installer couldn't see the partitions since the whole drive was encrypted. That being said, it might be worth experimenting some more to see if I can work that out. At the very least it's worth reading up on this a bit more, I was just hoping someone had already done something similar to what I'm trying to do and might help me shorten the learning curve. Thanks again for your help and the links. I'll be sure to post back to this thread if I can manage to get it worked out.
     
  10. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well call it whole drive if you want, but I don't see it that way. You're encrypting the / and swap of two partitions, then you have free space, that you are going to install to and I've never done this, but I would have thought it's going to work...

    You need to really be talking on Ubuntu's IRC channels or their Forum instead...

    Let me know what you find...
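
Added example, not part of the thread and not written by any poster: with one LUKS partition per client install, the approach the thread settles on, a quick audit can confirm that every client partition really starts with a LUKS header and show how many key slots are enabled. It assumes the LUKS1 on-disk layout; the client labels and sample bytes are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3      # LUKS1 value marking an enabled key slot
SLOT_DISABLED = 0x0000DEAD
HEADER_LEN = 592              # 208-byte fixed part + 8 key slots of 48 bytes

def parse_luks1(blob):
    """Describe a LUKS1 header, or return None if blob does not start with one."""
    if len(blob) < HEADER_LEN or blob[:6] != LUKS_MAGIC:
        return None
    if struct.unpack(">H", blob[6:8])[0] != 1:
        return None           # LUKS2 stores metadata as JSON; out of scope here
    def text(raw):
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    active = [i for i in range(8)
              if struct.unpack(">I", blob[208 + 48 * i:212 + 48 * i])[0] == SLOT_ACTIVE]
    return {"cipher": text(blob[8:40]) + "-" + text(blob[40:72]),
            "key_bits": struct.unpack(">I", blob[108:112])[0] * 8,
            "uuid": text(blob[168:208]),
            "active_slots": active}

def unencrypted(devices):
    """devices maps a label to a partition's first bytes; list labels lacking LUKS1."""
    return sorted(name for name, blob in devices.items() if parse_luks1(blob) is None)

def read_start(path):
    """Read the header area of a real block device (needs root), e.g. /dev/sda5."""
    with open(path, "rb") as dev:
        return dev.read(HEADER_LEN)

def sample_header(active_slots):
    """Constructed test data: a minimal LUKS1 header with the given slots enabled."""
    fixed = struct.pack(">6sH32s32s32sII20s32sI40s", LUKS_MAGIC, 1, b"aes",
                        b"cbc-essiv:sha256", b"sha1", 4096, 32, b"", b"", 1000,
                        b"00000000-0000-0000-0000-000000000000")
    slots = b"".join(struct.pack(">II32sII",
                                 SLOT_ACTIVE if i in active_slots else SLOT_DISABLED,
                                 1000, b"", 8 + 256 * i, 4000) for i in range(8))
    return fixed + slots

# Constructed layout: two client partitions encrypted, one still holding plain data.
SAMPLE = {"client_a": sample_header({0}),
          "client_b": sample_header({0, 1}),
          "client_c": b"\0" * 1024}

if __name__ == "__main__":
    for name, blob in SAMPLE.items():
        print(name, parse_luks1(blob) or "NOT LUKS1")
    print("needs encryption:", unencrypted(SAMPLE))
```

On a real machine, build the dictionary with `read_start()` for each client partition instead of `SAMPLE`.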
     