2

I'm a proud Suser. I'm about to reinstall 12.2 on my ASUS N76VZ (UEFI x64 laptop).

Since I'm very sensitive about laptop security against theft or unwanted inspection, I chose to use BitLocker with USB dongle in Windows 7.

When installing Suse the last time I found that only the home partition (separated from root) was capable of being encrypted.

Does Suse offer a full disk encryption solution like BitLocker that I haven't discovered yet? Or is encrypting home partition the only way to protect data?

Encrypting only home is feasible as one stores personal data in home, but I still would like to encrypt the whole thing!

Also, using a hardware token (no TPM available) for unlocking is preferred to password, if possible!

Improve this question
3
  • Pre-boot auth available only in Windows
    – usr-local-ΕΨΗΕΛΩΝ
    Commented Nov 15, 2012 at 16:47
  • Ah! sorry I misunderstood the question.
    – avirk
    Commented Nov 15, 2012 at 16:57
  • You may want to cast a wider net than asking for full disk encrypton for SuSE. Different Linux distros relate to eachother in different ways. SuSE is on a branch of Linuxes, closely related distros may offer a solution. My own dabbles in full disk encryption sucked.. I just encrypt my home dir.
    – James T Snell
    Commented Nov 15, 2012 at 23:17

1 Answer 1

Reset to default
1

The LVM option in YaST partitioner setup fullfills all my requirements, though it's password based and not token-based.

The YaST partitioner allows you to choose the option to propose a partitioning based on encrypted LVM. This takes full disk and automatically assigns volume names.

It creates an unencrypted boot drive (/boot), a LVM partition which is encrypted, and within that partition one or more volumes assigned to partitions.

Answering from an encrypted linux...

Improve this answer
6
  • Unfortunatelly it is no longer supported. Root partition cannot be encrypted (with Yast), no matter if it is put directly or within LVM.
    – greenoldman
    Commented Nov 9, 2014 at 16:40
  • Do you mean it requires installing 12.3 and upgrading to 13.1 to keep encryption? This is my laptop's current setup
    – usr-local-ΕΨΗΕΛΩΝ
    Commented Nov 10, 2014 at 8:20
  • Errm, the current OS is 13.2 and I mean it is impossible to have LVM with encrypted root partition, and if you have such setup with older OS (I had) and you upgrade to 13.2, you will be unable to boot (unless you made some custom magic to make this work).
    – greenoldman
    Commented Nov 10, 2014 at 10:51
  • Oooooooooops I forgot to check the latest version
    – usr-local-ΕΨΗΕΛΩΝ
    Commented Nov 11, 2014 at 10:04
  • With OpenSUSE 13.2 you can still make an LVM with encrypted root partition, it just takes some manual work in the installer: create unencrypted /boot, create partition type LVM, create volume group, create logical devices inside it (e.g. /, /home, swap).
    – David Faure
    Commented Aug 31, 2015 at 13:12

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .