Home > Uncategorized > Encrypting “the disk” on a enterprise linux 6 system

Encrypting “the disk” on a enterprise linux 6 system

I searched long and hard for a specific write up on how to encrypt “the disk” of an enterprise linux (centos6, red hat 6, fedora 6) system and came up empty handed. I found an old write up that I started to dive into, until I hit the GUI part.

I immediately realized why I had so much trouble finding a write up for CentOS6… it is too easy to detail.

Custom disk layout:
You create a custom disk layout, specifying a partition, and allocating about 500MB for the /boot partition unencrypted (I couldn’t find any info on encrypting the boot partition). Then create a physical LVM volume for with the remainder of space and check Encrypt. Then create logical LVM volumes on the previously created physical LVM volume. You do not need to encrypt these as they are already encrypted via the encrypted LVM physical volume.

Partition ratios:
The ratios are as follows:

Partition

Size (percentage of “whole disk” unless otherwise noted)
/dev/sda

100%
/boot

500MB (centOS minimal)
/

67.56% (to the nearest GB)
/home

29.72% (to the nearest GB)
swap

RAM*2 (see `cat /proc/meminfo` via CTRL-ALT-F2, then CTRL-ALT-F6 to get back to UI)

You will then be prompted to enter the password via the file system mounting during the boot process.

You can edit /etc/fstab in order to exclude the LVM physical volume from mounting at boot, if you wish.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: