On Wed, 30 Dec 2015 07:34:52 +1000 Hans wrote:
> Hi,
> 
> Is it possible to fully encrypt a Gentoo system as can be done with 
> Fedora, Suse, Arch Linux, Debian and Ubuntu without using an unencrypted
> USB boot stick or unencrypted /boot partition?
> 
> If yes, where can I find instructions that really work on a BIOS only 
> box without UEFI, EFI, systemd using EXT4 file system?

The easiest way is to use an ATA password for your drive (go into
the BIOS menu for that or use some live image capable of that, e.g.
any Linux with hdparm or mhdd).

If you want to use Linux encryption (e.g. LUKS), you have to have
some piece of data unencrypted, because BIOS/UEFI needs to load some
code which will be able to run the kernel and decrypt your drive. This
piece may be kernel + initrd on an EFI partition or boot partition, a USB
stick and so on. Of course it is possible to boot from external
media (PXE, CD/DVD, USB stick) and have the whole HDD/SSD encrypted.

Though I see little point in whole / encryption. What is the
point of encrypting /usr, /lib, /bin, /sbin? Just do this
to /home, /var and other sensitive pieces.

Best regards,
Andrew Savchenko
