How to encrpyted harddisk partition,aka. sysres scratch area

All other questions
cryquestion
Posts: 3
Joined: 31 Jan 2015, 22:27

How to encrpyted harddisk partition,aka. sysres scratch area

Postby cryquestion » 31 Jan 2015, 22:38

I split up my harddisk into 4 primary partitions:

1. windows boot loader
2. windows operating system
3. windows user data
4. ext4 files system to use as scratch diskspace when booting system rescue CD.

paritions 1,2 and 3 occupy the first half the the harddisk space
and partition 4 occupies the last half of the diskspace.

I want to use partition 4 to periodically bootup system rescue cd outside of windows to use fsarchiver
to take a snapshot of parition 1 and 2. so that i can unroll them in the future when
windows develops a strange virus that i can't remove....in otherwords,
my partition 4 would be filled with fsarchiver dumps with different dates
that i can unroll at anytime to restore my windows operating system back
to this date in time...

The problem i have is that i want to have partition 4 encrypted... so that nobody can
boot using system rescue cd, and mess around with my linux file system...
thus, i want this partition to be encrypted... what are my opinion with system resue cd?

Currently, i'm just mounring partion 4 as follows:

mkdir sda4
mount /dev/sda4 sda4
cd sda4
ls
fsarchive #...


also note, my windows user parition (partition 3) is filled with bitlocker encrypted VHD filesystems that i can mount to a logical letter at any time when im in windows to control access... is there a way to read these from system rescue cd as well?

cryquestion
Posts: 3
Joined: 31 Jan 2015, 22:27

Re: How to encrpyted harddisk partition,aka. sysres scratch

Postby cryquestion » 31 Jan 2015, 22:44

to answer my own question:

I found that i can create a LUKS encrypted disk partion using the following script:


# Encrypt Device with LUKS
#---------------------------------

MAP=soda
DEV=/dev/sda4

set -o verbose
set -o errexit

cryptsetup -y -v luksFormat $DEV
cryptsetup luksOpen $DEV $MAP
ls -ltr /dev/mapper/$MAP
mkfs.ext4 /dev/mapper/$MAP
mkdir -p $MAP
mount /dev/mapper/$MAP $MAP
cryptsetup -v status /dev/mapper/$MAP
umount /dev/mapper/$MAP
cryptsetup luksClose /dev/mapper/$MAP


Then i can mount the encrypted file system using this script:


MAP=soda
DEV=/dev/sda4

set -o verbose
set -o errexit

cryptsetup luksOpen $DEV $MAP
ls -ltr /dev/mapper/$MAP
mkdir -p $MAP
mount /dev/mapper/$MAP $MAP
cryptsetup -v status /dev/mapper/$MAP


Then, i can unmount the encrypted filesystem using this script

MAP=soda
DEV=/dev/sda4

set -o verbose
set -o errexit

umount /dev/mapper/$MAP
cryptsetup luksClose /dev/mapper/$MAP


Return to “Other”

Who is online

Users browsing this forum: No registered users and 5 guests