Complete encryption in dual boots

shanx · #1 29th May 2012, 03:07 PM

i am want to install fedora 17 with full disk encryption, but i have arch linux installed on the same disk(seperate partition) too
fedora only encrypts those partition which are to be formated during install like its /root, /boot,etc...so i am not going to have any problem, right?

also, is haveing seperate /boot for fedora neccessary?, i find it needless
also, i have not installed bootloader for arch, as arch is having problem to install bootloader anywhere when it is installed on a GPT disk......so fedora bootloader does both distro's job

thnx in advnc

nonamedotc · #2 29th May 2012, 03:23 PM

Quote:

Originally Posted by shanx

i am want to install fedora 17 with full disk encryption, but i have arch linux installed on the same disk(seperate partition) too
fedora only encrypts those partition which are to be formated during install like its /root, /boot,etc...so i am not going to have any problem, right?

No problems there as long as you don't touch your arch installation partition. I have done this with Arch, Linux Mint and SL6.2.

Quote:

Originally Posted by shanx

also, is haveing seperate /boot for fedora neccessary?, i find it needless

It is not needed. I prefer to encrypt / too in which case /boot would be needed since /boot needs to be on an unencrypted partition.

shanx · #3 29th May 2012, 04:22 PM

thnx nonamedotc, i was so stubborn that i was going to encrypt /boot too

now...(maybe this takes my stubborness to new heights)..i have single swap for both distros, so i shouldn't encrypt swap, should I?

nonamedotc · #4 29th May 2012, 04:25 PM

Unless you are doing some extremely heavy processes, you do not need swap. If you want swap accessible to both Arch and Fedora, yes, you should not encrypt it.

Alternatively, after you finish installing Fedora, you can use cryptsetup in Arch and activate swap. Perhaps, the easiest option is just to leave swap unencrypted.

Cheers.

shanx · #5 29th May 2012, 04:43 PM

Quote:

Originally Posted by nonamedotc

Alternatively, after you finish installing Fedora, you can use cryptsetup in Arch and activate swap.

I would definitely like to experiment that, suppose i encrypted swap in fedora, then how am i gonna use same swap for arch(or anyother distro).......how cryptsetup helps through this
please tell an example, several other people might learn some as well :adore1

***Gareth Jones*** · #6 29th May 2012, 06:51 PM

It is pretty pointless to encrypt file-systems but not swap – even though swap shouldn't get used much these days, you can never be sure, and you must never use hibernate without swap encryption.

My advice is to encrypt swap in both distros, or have separate swap partitions.

Personally I wouldn't both encrypting the root partition, only swap, /var, /tmp (on F16 or earlier, F17 uses swap for /tmp via a tmpfs – another reason to encrypt it!) and /home – these are the only places where personal information should end up. The root partition is normally just standard distro files so might as well be left unencrypted for efficiency unless you know otherwise, and /boot must be unencrypted because the boot-loader doesn't know about encryption.

---------- Post added at 06:51 PM ---------- Previous post was at 06:05 PM ----------

Actually, looking at the crypttab manual page, the "swap" option looks like it can encrypt swap for Fedora on boot and restore swap to an unencrypted state on shut-down, so you may not need to encrypt swap in arch.

nonamedotc · #7 29th May 2012, 07:24 PM

Quote:

Originally Posted by Gareth Jones

Actually, looking at the crypttab manual page, the "swap" option looks like it can encrypt swap for Fedora on boot and restore swap to an unencrypted state on shut-down, so you may not need to encrypt swap in arch.

That is quite convenient!! Did not know that part at all.

From the man page (for the lazy people amongst us),

Quote:

swap

The encrypted block device will be used as a swap partition, and will be formatted as a swap partition after setting up the encrypted block device. The underlying block device will be formatted again as an unencrypted swap partition after destroying the encrypted block device. (This allows sharing a single swap partition between operating system installations, with some of them encrypting the swap partitions and some of them not.)

sea · #8 29th May 2012, 07:26 PM

Quote:

Originally Posted by Gareth Jones

... F17 uses swap for /tmp via a tmpfs – another reason to encrypt it!) ...

Thats the first point i've come accross that would 'allow' to use f17.

One should be able to (i do) the same swap partition for several distros.
But it must not be formated on further OS installations, specialy if you're using encryption.

***Gareth Jones*** · #9 30th May 2012, 09:17 PM

Quote:

Originally Posted by Gareth Jones

/tmp (on F16 or earlier, F17 uses swap for /tmp via a tmpfs – another reason to encrypt it!)

Just for completeness, it's F18 that'll have tmpfs on /tmp apparently, not F17 yet.