User:Slowpoke/Full Disk Encryption

Full Disk Encryption (FDE) means encrypting the block devices that hold the operating system and all of its data, so that nothing on disk is readable without a key. The only part left in the clear is a small boot partition holding the kernel, initramfs and bootloader files needed to unlock the rest.

= Overview =

== Why Encrypt? ==
There are many reasons why you might want or need to encrypt parts of your system or all of it, and entire articles can be (and have been) written about this topic, so let's keep it short and only go over the technical reasons for FDE.

On a regular system whose only protection is password-protected logins, an attacker with physical access needs a live system at most, and often not even that. In most cases, adding init=/bin/sh to the kernel command line in the boot loader gets you a root shell without any password; remount the root filesystem read-write and you can change the root password. With a live system, you simply mount the local disk and read or modify every file on it.

With a fully encrypted system, none of this works: without the passphrase the disk contents are unreadable, and there is no root filesystem to drop a shell into. What remains exposed is the kernel, initramfs and bootloader, which usually stay unencrypted because the firmware has to load something. A dedicated attacker with repeated physical access could replace them with versions that capture your passphrase on the next boot (the "evil maid" attack), but against everyday attacks and a simple laptop thief you are safe.

== Tradeoffs ==
Employing FDE on your machine involves making some tradeoffs. First of all, always keep in mind the most fundamental law of computer security:

Security = Usability^-1

This holds true for FDE as well. The most obvious cost is boot time, because you will have to enter your passphrase every time you (re)boot. For systems that rarely reboot this is not a problem, and on some machines the BIOS stage costs you more time anyway.

The other cost is disk throughput. Encryption is a transparent process that the kernel (dm-crypt) has to perform for every read and write on the encrypted device, so it takes some percentage of your disk's speed. On a CPU with hardware AES support (AES-NI; look for the aes flag in /proc/cpuinfo) the overhead is small and usually invisible on a spinning disk; on a fast SSD the CPU can become the bottleneck, so the slowdown is noticeable there, though still acceptable. cryptsetup benchmark shows the throughput your CPU achieves for each cipher before you commit to one.

= Preparation =

== Securely Erasing the Disk ==
While this isn't strictly necessary, it is good practice to overwrite a disk before encrypting it, so that no leftover plaintext from its previous life survives next to the new encrypted volume. The easiest way to do this is dd, with /dev/zero as the input file and the whole disk as the output file.

Depending on the size of the disk, this can take anywhere from a few minutes to several hours. It's a good idea to do this overnight.

Alternatively, you can fill the disk with pseudo-random data by using /dev/urandom as the input file instead. This takes longer than zeroing, but it has a real advantage for FDE: encrypted data is indistinguishable from random noise, so a random-filled disk does not reveal how much of the encrypted volume is actually in use, whereas a zeroed disk does. A faster way to get the same effect is to write zeros through a throwaway dm-crypt mapping of the device, since the encrypted zeros look random too.

For the truly paranoid, these operations can be repeated as many times as you deem necessary, though a single pass is enough on modern drives. Note that on an SSD overwriting does not reliably reach every flash cell because of wear levelling; use the drive's own secure-erase command for that.
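The wiping step above as an added example (not the page's own dd invocation, which did not survive on this page): a function that overwrites a device once with zeros or with /dev/urandom output, plus a check that confirms a zero pass actually completed. It reads the size first so dd is handed exactly that many bytes, which sidesteps the "No space left on device" error dd reports when it runs off the end of a whole disk; a non-zero exit is then a genuine write failure. Any path given as DEVICE is an assumption, and the function works on a regular file too, which is how you can try it without a spare disk.

```shell
#!/bin/sh
# wipe.sh: overwrite a disk (or, for testing, any regular file) once with
# zeros or with pseudo-random data before putting LUKS on it.
# Added example; not the page's original command. Device paths are assumed.

device_size() {
    # Size in bytes: blockdev for real disks (Linux), wc for regular files.
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        echo $(( $(wc -c < "$1") ))
    fi
}

wipe_device() {
    # Usage: wipe_device DEVICE [zero|random]   (default: zero)
    dev=$1 mode=${2:-zero}
    case $mode in
        zero)   src=/dev/zero ;;
        random) src=/dev/urandom ;;
        *)      echo "mode must be zero or random" >&2; return 1 ;;
    esac
    [ -e "$dev" ] || { echo "no such device: $dev" >&2; return 1; }
    size=$(device_size "$dev") || return 1
    # Feed dd exactly $size bytes: a whole-device write would otherwise end
    # with dd's spurious ENOSPC error, masking real write failures.
    head -c "$size" "$src" | dd of="$dev" bs=1048576 conv=fsync
}

is_zeroed() {
    # True when no byte of the device is non-zero: a cheap sanity check after
    # a zero pass (and proof that a disk has NOT been random-filled).
    [ $(( $(tr -d '\000' < "$1" | head -c 1 | wc -c) )) -eq 0 ]
}

# Run directly as root against the whole disk, e.g.: wipe_device /dev/sdX random
if [ -n "${1:-}" ]; then
    wipe_device "$@"
fi
```

Expect the random pass to be CPU-bound by urandom rather than by the disk; the zero pass runs at the disk's write speed.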

== Partitioning ==
This can differ depending on your setup, but in all cases you will need a small unencrypted boot partition, big enough to hold at least a kernel, an initramfs and whatever files your bootloader needs. 128MiB is a good size; make it larger if you keep several kernels around.

For the crypted parts, three common setups are:

 * one big encrypted partition, which holds the entire root filesystem of your installation
 * one big encrypted partition, which contains a container such as LVM or ZFS, which can host more than just a single installed operating system
 * multiple encrypted partitions, one for the home directories (which can be shared among multiple installations), and at least one for a root filesystem.

All have various pros and cons, but we will try to cover all of them to some degree.

== Single Crypto-Partition Setup ==
The first and second setups are pretty much the same for now. Using your partitioning tool of choice, create a small partition for /boot and a crypto partition spanning the rest of the disk.

== Multiple Crypto-Partition Setup ==
The third setup is a bit more complicated, but has its uses as well. For simplicity, we will assume the most basic variant: one partition for /home and one for /. That means you need three partitions in total: a small one for /boot, and the two encrypted ones. How much space to allocate to /home and / respectively is up to you.

== Setting up LUKS ==
Now that you have your partitions, it's time to encrypt them. For this we use cryptsetup, which is part of the package of the same name.

The appropriate command for creating new LUKS volumes is luksFormat, which has a number of important flags.


 * --cipher (-c): Specify the cipher, chaining mode and IV generator. Note the order cryptsetup expects: aes-xts-plain64, not xts-aes-plain64. XTS is the right mode for disk encryption, and the 64-bit sector IV (plain64) avoids the IV wraparound that plain has on devices larger than 2TiB.
 * --hash (-h): Specify the hash used to derive the key from your passphrase (PBKDF2) and for the anti-forensic splitter in the key slots; it is not involved in encrypting your data. A good choice is sha512.
 * --key-size (-s): The size of the generated master key in bits. With XTS the key is split into two halves, so 512 gives you AES-256 (256 would only give you AES-128). 512 is what you want.
 * --iter-time (-i): The time, in milliseconds, that PBKDF2 passphrase processing should take; cryptsetup benchmarks the machine and picks an iteration count accordingly. 5000 (five seconds) is a good value. The count is fixed at format time, so unlocking on a slower machine will take proportionally longer.
 * --use-random: Generate the master key from /dev/random instead of /dev/urandom, so that cryptsetup blocks rather than proceeds if the entropy pool has not been seeded yet. On kernels from 5.6 on, /dev/random no longer blocks once the pool has been initialised, so the difference is small; it never hurts.
 * --verify-passphrase (-y): Check the passphrase by requiring it to be typed twice. luksFormat already does this by default, but it doesn't hurt to be explicit.

If your cryptsetup is a 2.x release, luksFormat creates a LUKS2 header by default and uses Argon2 rather than PBKDF2 to process the passphrase; --iter-time still controls the unlock time, and --pbkdf pbkdf2 restores the old behaviour if a bootloader that has to read the header needs it.

Putting these flags together gives the luksFormat command for your device.

Alternatively, you can use a keyfile instead of a passphrase (--key-file). Be careful where you put it: a keyfile stored on the unencrypted /boot partition makes the encryption pointless, so keep it on removable media, or add it as a second key slot with luksAddKey while keeping a passphrase for recovery.
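As an added example (not the page's own command, and not cryptsetup's code), here is a small wrapper that builds the luksFormat invocation from the flags above, with the preflight checks you want before anything irreversible happens: it refuses to run unless root, refuses a mounted device, and refuses a device that already carries a LUKS header. The device name /dev/sda2 in the usage line is an assumption; an optional keyfile path switches the command to --key-file.

```shell
#!/bin/sh
# luks_format.sh: build and run the luksFormat command from the flags
# discussed above, after a few safety checks. Added example, not the
# page's original command; /dev/sda2 in the usage line is an assumed name.

has_luks_header() {
    # LUKS1 and LUKS2 headers both begin with the magic "LUKS" 0xBA 0xBE.
    magic=$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

is_mounted() {
    # Linux: the first column of /proc/mounts is the device path.
    [ -r /proc/mounts ] &&
        awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' /proc/mounts
}

luks_format_cmd() {
    # Print the command line instead of running it, so it can be reviewed
    # (or asserted on) before anything touches the disk.
    # Usage: luks_format_cmd DEVICE [KEYFILE]
    dev=$1 keyfile=$2
    set -- cryptsetup luksFormat \
        --cipher aes-xts-plain64 \
        --hash sha512 \
        --key-size 512 \
        --iter-time 5000 \
        --use-random
    if [ -n "$keyfile" ]; then
        set -- "$@" --key-file "$keyfile"   # keyfile instead of a passphrase
    else
        set -- "$@" --verify-passphrase     # ask twice to catch typos
    fi
    set -- "$@" "$dev"
    printf '%s\n' "$*"
}

luks_format() {
    dev=$1 keyfile=$2
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if is_mounted "$dev"; then
        echo "$dev is mounted, refusing to format it" >&2
        return 1
    fi
    if has_luks_header "$dev"; then
        echo "$dev already has a LUKS header; use luksAddKey or wipe it first" >&2
        return 1
    fi
    # Device names contain no whitespace, so word-splitting the printed
    # command into a real invocation is safe here.
    $(luks_format_cmd "$dev" "$keyfile")
}

# Run directly as root: luks_format /dev/sda2 [/path/to/keyfile]
if [ -n "${1:-}" ]; then
    luks_format "$@"
fi
```

The header check is what saves you from the classic mistake of formatting the wrong partition: an existing LUKS header means the device is probably the one you meant to keep.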

= Initram & Bootloader =