[Grml] Installing grml with encrypted root with encrypted swap

Michael Gebetsroither gebi at sbox.tugraz.at
Sat Jul 28 16:44:47 CEST 2007

Quoting Mathew Brown <mathewbrown at fastmail.fm>:

>   I was wondering if it was possible to install grml on an encrypted
>   root partition and with an encrypted swap partition.

Yes, no problem!

> I plan on
>   installing grml on an external USB drive and since it can be stolen so
>   easily, I'd rather protect my data using encryption.  So is this
>   possible?

Yes too ;).
If you only want to protect your data, ecryptfs only for your data  
would imho the best option (ecryptfs is a stacked cryptfs, so no  
special cryptocontainer is needed).

> According to http://grml.org/grml2hd/grml2hd.html this can't
>   be done but that web page hasn't been updated since Jan. 2006.  Any
>   ideas?

grml2hd doesn't support this directly, but it is easy to upgrade a  
grml with many different encryption schemas.

If you want real encrypted root you should use cryptsetup-luks, so  
every single bit except /boot is encrypted on your stick (/boot has to  
be on a seperate partition).
Just create the encrypted partition and install with grml2hd on it  
(afterwards you need to configure grml to be able to boot from it) [1].

If you want to protect your sensitiv private data just use ecryptfs on  
the folders you want to encrypt.

Encrypted swap is just 2 lines of config ;)[2].

[1]: /usr/share/doc/cryptsetup/README.initramfs.gz
[2]: /usr/share/doc/cryptsetup/CryptoSwap.HowTo


More information about the Grml mailing list