Data Encryption - Encrypted LVM

Article Index

Leveraging Debian 4.0r0’s Encrypted LVM for Windows

From what I can gather Debian 4.0r0 uses AES-256 to create encrypted hard drives on installation.  This is a wonderful thing.  Not only is Debian free, but the security of having an entire disk including boot and swap partitions is tremendous.

For those of you thinking that we are going to pull some Linux functionality and place it in the security unconscious Windows environment, think again.  What we are going to do is use Linux as a wrapper and run Windows in a virtual environment.

First, you need to make sure that you write down all devices that your computer contains and make sure that they are compatible with Debian.  I have gone through the process more than once only to discover that my network cards (both wired and wireless) are incompatible.  Make sure that you contact the manufacturer’s websites for the various devices that you are using.  Burn those onto removable media of some sort so that they are available.  We will be reformatting your machine and you will lose anything saved on it.  Make a backup.

Once you are sure that your equipment will support Debian, download an installation from www.us.debian.org.  Follow the instructions to partition the drive as an encrypted LVM.  Make sure that you select a strong password for the drive and don't forget what it is.  Don't write it down on a Post-It and stick it to your monitor either.

When you have your Debian system up and running with a windowed environment (KDE, Gnome, xfce), you will need to install and configure virtualization software.  There are a variety of products on the market today – VMWare Workstation, Xen, KVM.  Just make sure it runs under Linux and supports the installation of a Windows virtual machine.

After everything is configured, install Windows in the virtual machine.  You can then configure Debian to automatically load the virtual machine in full screen on startup.  This gives you the ability to run the applications that you are familiar with while giving you a secure base Linux that you can transition to in the future.

This does not secure your Windows environment.  Your Windows virtual machine will still be susceptible to all of the security woes that Microsoft has to offer.  But it does provide you with the confidence to know that your data is secure if your laptop is stolen or lost.