site  contact  subhomenews

Frugal install encryption of working partition

November 30, 2018 — BarryK

I posted yesterday about enhancements to frugal installation:

Another area that needed improvement is handling of encryption. In the case of a flash-stick, the working-partition is created at first bootup, and it is created with ext4 filesystem with encryption capability enabled.

However, for a frugal install, the working-partition is pre-existing. For encryption, enter a password at bootup to decrypt certain folders in the working-partition. It must be an ext4 filesystem, and must have encryption capability enabled.

The 'init' script in the 'initrd' now checks for this. If it sees that the pre-existing working-partition is ext4 but does not have encryption capability enabled, it offers to enable it (using the 'tune2fs' utility).

If the user chooses in the affirmative, then a password is asked for. Otherwise, the ext4 filesystem is left alone, and no password is asked for.

This is a frugal installation, so the working-partition could be used for other purposes, including many other frugal installations. I don't think that turning on encryption capability will have any negative impact on whatever else is in the working-partition.  

Tags: easy