Here is a configuration cheat guide I use for configuring Encrypted
SWAP with a random generated Key at boot. This configuration breaks
suspend to disk so be sure to reconfigure power management if you use
it.
I encrypt everything with LUKS/DMCrypt except /boot and /boot/efi but
I have been looking at encrypting /boot as well with a new method I
found which requires UEFI. I have not tested it yet but I do not think
it is really necessary.
YaST can perform almost all the LUKS/DMCrypt setup except it use to
provide an error when encrypting the root partition which had to be
configured manually.
I just used this on a new Fedora 22 Install and it works well with no
issues. I also made two swap partitions and encrypted both and
configured both to priority 1 to test stripping which also works.
You may want to over right swap three times if you are a secure
sensitive environment with dd instead of just once you can do this by
running the command three times.
It would be nice is there was a configuration option on The openSUSE
installation DVD to do this but currently I do not think there is.
On Wed, Jun 10, 2015 at 12:24 PM, Lew Wolfgang
Hi Folks,
The IA Overlords are rattling their sabres again and are demanding that Whole Disk Encryption be applied to all systems to protect data while its "resting". Basically, if a system is off, all data on non-volatile memory devices has to be encrypted. A TPM can be used for authentication once power is supplied, or the system could prompt for a password before booting.
Would openSuSE, or anything else for that matter, support this kind of a thing? I think TrueCrypt came close, but how would it handle multiple 70-TB partitions?
Regards, Lew
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org