14 Nov
2016
14 Nov
'16
2:16 a.m.
sön 2016-11-13 klockan 22:49 +0000 skrev Andy Smith:
So, although support for FDE is pretty good in
installers these
days, I wrote up some notes about using it at BitFolk which you may
find useful:
https://tools.bitfolk.com/wiki/Full_disk_encryption
Another option for the xvdb swap is to randomly encrypt it on boot.
$ grep cryptswap /etc/crypttab
cryptswap1 UUID=1cd6a42b-f9b5-4116-bf00-21e813b5a051 /dev/urandom
swap,offset=1024,cipher=aes-xts-plain64
$ grep cryptswap /etc/fstab
/dev/mapper/cryptswap1 none swap sw 0 0
$
This particular example being based on what the Ubuntu installer
provides when you go for the ecryptfs homedir setup.
// Andreas