Full Disk Encryption

From Open Source Ecology
Jump to: navigation, search

Hey Marcin,

> New machine is also Dell Precision M6500...Ubuntu 16.04 > I do not recall any options for FDE upoin install.

FDE = Full Disk Encryption. This is very, very important. It's been very easy to setup FDE at install since Ubuntu v12.10 thanks to the EFF. Just check the "Encrypt the new Ubuntu installation for security" when you setup the disks. 

* https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption
* https://tutorials.ubuntu.com/tutorial/tutorial-install-ubuntu-desktop-1604#5

If FDE is setup, then you will need to enter a password immediately after booting your computer. Note that this is a distinct password prompt than the user login password. If the first password prompt you receive is in the GUI, then you don't have FDE. If the first password prompt you receive is immediately after grub before you see the ubuntu loading screen, then you have FDE. Without FDE, any file you delete can be trivially un-deleted by an attacker. So, for example, if your laptop was lost or stolen, then anyone would be able to recover from your unencrypted computer, for example, our keepass private key file, your ssh private key, you bitcoin wallet file, or perhaps a session cookie from your browser from your bank, permitting them to login to your bank without requiring authentication first.

FDE is critical. If you don't have it setup, is it too late to re-install your new Dell laptop with FDE enabled? > Create $HOME/keepass/mnt/ folder first, right? Yes. You'll also probably need to create $HOME/.ssh as well. Also related to FDE & good bit hygiene: you should never trash/donate/recycle/etc an old machine of yours without first sanitizing the hard drive. This can be done, for example, with the live linux distro DBAN = Darik's Boot and Nuke. It will securely erase anything ever written to the disk it "nukes". 

* https://dban.org/


Cheers, Michael Altfield Senior System Administrator PGP Fingerprint: 8A4B 0AF8 162F 3B6A 79B7 70D2 AA3E DF71 60E2 D97B

Open Source Ecology www.opensourceecology.org

Retrieved from "https://wiki.opensourceecology.org/index.php?title=Full_Disk_Encryption&oldid=198070"