Encrypting “the disk” on an Enterprise Linux 6 system
I searched long and hard for a specific write-up on how to encrypt “the disk” of an Enterprise Linux (CentOS 6, Red Hat 6, Fedora 6) system and came up empty-handed. I found an old write-up that I started to dive into, until I hit the GUI part.
I immediately realized why I had so much trouble finding a write up for CentOS6… it is too easy to detail.
Custom disk layout:
Create a custom disk layout: specify a partition of about 500MB for /boot and leave it unencrypted (I couldn’t find any info on encrypting the boot partition). Then create an LVM physical volume with the remainder of the space and check Encrypt. Then create LVM logical volumes on that physical volume. You do not need to encrypt these individually, as they are already encrypted via the encrypted LVM physical volume.
The ratios are as follows:
| Volume | Size (percentage of “whole disk” unless otherwise noted) |
|---|---|
| /boot | 500MB (CentOS minimal) |
| / | 67.56% (to the nearest GB) |
| /home | 29.72% (to the nearest GB) |
| swap | RAM*2 (see `cat /proc/meminfo` via CTRL-ALT-F2, then CTRL-ALT-F6 to get back to UI) |
During the boot process, you will then be prompted to enter the password when the file systems are mounted.
You can edit /etc/fstab in order to exclude the LVM physical volume from mounting at boot, if you wish.
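To confirm after installation that the logical volumes really do inherit encryption from the physical volume, the following added example (not part of the original post) walks the device-mapper stack under each mount point and reports whether it crosses a dm-crypt target. It assumes Python 3 and text captured as root from `dmsetup ls`, `dmsetup table` and /proc/mounts; the device names and sizes in the sample are constructed.

```python
import re
# Constructed sample input (not from the original post), shaped like `dmsetup ls`,
# `dmsetup table` and /proc/mounts; the last line is a /proc/swaps device.
DM_LS = "luks-pv\t(253, 0)\nvg-root\t(253, 1)\nvg-home\t(253, 2)\nvg-swap\t(253, 3)\n"
DM_TABLE = """luks-pv: 0 208670720 crypt aes-xts-plain64 0000 0 8:2 4096
vg-root: 0 141557760 linear 253:0 2048
vg-home: 0 62914560 linear 253:0 141559808
vg-swap: 0 4194304 linear 253:0 204474368
"""
MOUNTS = """/dev/mapper/vg-root / ext4 rw 0 0
/dev/sda1 /boot ext4 rw 0 0
/dev/mapper/vg-home /home ext4 rw 0 0
/dev/dm-3 swap swap sw 0 0
"""

def parse_dm(ls_text, table_text):
    """Return ({devno: (target, [backing devnos])}, {dm name or dm-N: devno})."""
    names = {}
    for m in re.finditer(r"^(\S+)\s+\((\d+)[:,]\s*(\d+)\)", ls_text, re.M):
        names[m.group(1)] = names["dm-" + m.group(3)] = m.group(2) + ":" + m.group(3)
    stack = {}
    for line in table_text.splitlines():
        name, _, rest = line.partition(": ")
        f = rest.split()  # start, length, target, target arguments...
        if name in names and len(f) >= 3:
            _, backing = stack.setdefault(names[name], (f[2], []))
            backing += [a for a in f[3:] if re.fullmatch(r"\d+:\d+", a)]
    return stack, names

def on_crypt(devno, stack):
    """True if every path from devno down to the hardware crosses a crypt target."""
    target, backing = stack.get(devno, ("", []))  # not a dm device: plain partition
    if target == "crypt":
        return True
    return bool(backing) and all(on_crypt(b, stack) for b in backing)

def audit(ls_text, table_text, mounts_text):
    """Map each /dev-backed mount point to True (encrypted) or False (plaintext)."""
    stack, names = parse_dm(ls_text, table_text)
    result = {}
    for line in mounts_text.splitlines():
        dev, mnt = line.split()[:2]
        if dev.startswith("/dev/"):
            result[mnt] = on_crypt(names.get(dev.rsplit("/", 1)[-1]), stack)
    return result

if __name__ == "__main__":
    for mnt, ok in sorted(audit(DM_LS, DM_TABLE, MOUNTS).items()):
        print("%-6s %s" % (mnt, "encrypted" if ok else "PLAINTEXT"))
```

With the layout above, only /boot should be reported as plaintext; any other plaintext entry means a volume was created outside the encrypted physical volume.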