On 12/21/18 7:41 AM, g4sra via Dng wrote:
>
>> Here's a video showing how to create an encrypted partition using the
>> manual partitioning step in the installer. You probably did it wrong.
>> Don't feel bad - I did it wrong three times before I got it right for
>> the video, and I've done this before.
>> http://distro.ibiblio.org/refracta/misc/partition_encrypt-4.ogv
>
> Thanks for the video, it took me more than three attempts :P.
> I had existing partitions on the drive that I needed to keep so did not
> go near the 'use entire disk' option. The partitioning in the video does
> not encrypt the entire disk, it leaves /boot outside. Kernel and initrd
> are exposed giving a potential attack vector.
If you have a BIOS that will boot from a USB disk then you can encrypt
your whole hard drive. You have to protect the USB disk, though, and
should probably keep a few in case one fails.