If you follow staticnat then you will know that I recently started a new job. They issued me a new Dell Latitude D630 including the upgraded video card. This was bit a of a change since I have been using a Macbook exclusively for the past two years. What I learned to love about the the Macbook was the strength of the underling OS and its elegant GUI for day to day use. Knowing my OS opt out of the Win32 world and take the dive into Linux as my primary work environment. This was easy enough considering my laptop came installed with WinXP and the Ubuntu 7.10 installer CD does a great job creating a dual boot system with minimal hassle to the end user.
So I spent my first two weeks running mainly Ubuntu and once in a great while jumping over to WinXP for specific tasks. Midway through my second week though one of our installers had their laptop stolen from their car. This sent a stream of emails around concerning the overall security of our laptops and the client data that we all enevitably have on them. My company had a policy of running TrueCrypt on both Windows and Linux and encrypting a stand alone partition on the drive that all client data was found on. However this had several short commings including applications that do not supprt moving data stores to a secondary location. For the Windows Users the answer was pretty straight forward, use TrueCrypt to encrypt the entire Windows volume boot, OS and all. Much to my chagrin Linux is a bit different. TrueCrypt does not support running /boot, / and /swap in an encrypted volume. So after a few days of looking at TPM and what it could do for us, FDE SATA drives (no clear support for linux) and using native encryption in the kernal we made our choice. Native encryption gave us exactly what we wanted but left any of us runnning Linux needing to rebuild from scratch. In my case this meant installing from the Ubuntu Alternate install CD considering the Ubuntu Live CD does not offer encrypted volumes as an option. With the release of Ubuntu 8.04 Hardy Heron I did just that. I wont go through the process with you but I will point you at the tutorial that got me from A to Z in less than 15 minutes.
Before I went forward with my Ubuntu 8.04 install I did two things
- I used partimage to create a restorable copy of my WindowsXP install in case I trashed the HD while setting up the Linux encryption.
- I then un-installed all but my critical applicaions and used the VMWare Converter Tool from within WinXP to create a virtual machine of my WinXP System. So you get the point of this I plan on installing VMWare Player in Ubuntu and running my WinXP system including my office suite and mail as a Virtual machine and removing my “real” WinXP system from the drive all together.
Then it was off to the Ubuntu install as mentioned above. So as of right now less than 2 hours after I started the Encrypted Volume install here I am posting from my almost fully operational system. Stay tuned for what it takes to get things dialed in a future post.