Video Screencast Help

My boot drive and home folder on different HD. Can I use WDE on both?

Created: 07 May 2011 | 4 comments

I know I can use WDE on my boot drive.  My home folder is on a second hard drive and I want to know if there is a way to make the 2nd HD auto-mount so that I can login?

Is this a supported setup?  I'd love to have both drives encrypted.

Comments 4 CommentsJump to latest comment

joshkerr's picture

Okay, I see the option to --add-group-disk in the PGP command line.  I'm guessing that if I add both internal disks to the same group that they will both be instrumented by the bootguard and that they will both be unlocked after passing the bootguard screen.  This makes sense no?

I'm going to give this a try.

mallardduck's picture

This is highly risky - there have been a number of reports of corrupt, unbootable installs with this configuration.

The issue is that the second internal drive is not mounted until AFTER you login as your user (and you'll be presented with another WDE prompt).

Is there some reason you can't have your home folder on the boot drive, and just move the data to another disk?

joshkerr's picture

My boot drive is an SSD drive which is great for speed and launching apps.  SSD's aren't so good for hosting your home dir.  So I've got it on a normal HD.

I tried the --add-group-disk option and it worked.  It mounts both drives before booting the OS.  So I don't see how I'll get data corruption or unbootable installs?  Both drives are part of the same drive group with my boot drive being the base disk, both are instrumented by the bootstrap login.

I also have an emergency user whose home folder is on my boot drive so if I need to perform some kind of decrypt on my 2nd hard drive, I can do so without booting to a USB drive.

I was able to acheive this setup by doing the following:

1.  Encrypt my boot drive normally.  When this is complete go to the next step.

2.  pgpwde --add-group-disk --base-disk (put your boot disk #) --disk (put the 2nd disk #) --auto   --passphrase 'password' --user 'your name'

This should cause the 2nd disk to start encrypting.  When this is finished, you are done.

Now when you boot up, both drives will be unlocked before the OS loads.  I actually added a third external disk (just in case it was plugged in.) 

mallardduck's picture

Interesting and creative solution.  I'd still have the home folder on the SSD and just move the data to the secondary drive, but I'm probably just paranoid (I've had and seen too many problems with PGP and it's brittle architecture over the last couple of years).