phillip bailey's picture

I'm currently working on a project that involves the deployment of of some applications inside a hostile environment. Using Turnkey linux I've achieved all the tasks required to have a secure distribution, except that I need to set up a full encrypted file system.

In the di-live installer, unfortunately I didn't find the way to enable this feature, but looking a bit further into /usr/lib/di-live.d/42partman-base  seem it is the right place to enable this feature. I'm kinldy asking for some hint and tips enable the whole FS encryption in turnkey Linux.

Thanks for the awesome work with Turnkey.

Phillip Bailey

Alon Swartz's picture

I've never done this before, so I can't give you a step-by-step, but you did find the correct place to enable encryption (42partman...)

di-live leverages d-i (debian-installer) to do the heavy lifting, which is used by Debian and Ubuntu. These links (1, 2) might help.

In a nutshell, you need to preseed d-i partman with the configuration you want in the di-live hook, and then let partman take care of the details.

phillip bailey's picture


thanks for the update, today I'll try to get my fingers dirty with partman.

phillip bailey's picture

Hi Alon,

things are getting hard with di-live an partman, there's any way to avoid the di-live heavy lifting during the disk partitioning?.



phillip bailey's picture

Hi Alon,

I know that you I've invested a lot of time writing di-live, I'm asking if there's a way to disable it and go with a normal debian installer, because things with the encrypted file system and di-live a getting pretty messed up..


Alon Swartz's picture

Not really. di-live was developed to provide the ability to install a "live" debian based system to the harddisk. The debian-installer itself doesn't have that ability.

With enough tweaking you should be able to disable preseeding and enable all the d-i partman recipes for advanced usage scenarios (like full file-system encryption). You might need to install some dependencies though, as I said above, I'm not sure as I've never tried myself...

doug's picture



you guys products are awesome but currently I cannot use them in production and sometimes not even in dev environments until we can achieve whole disk encryption with the installer... Id love to see this feature added as it has become de facto standard where I work now




Jeremy Davis's picture

Have a look here, although I have no idea when an option like that will be implemented.

If you are really keen on this then I suggest that you consider forking di-live.

Ole Rasmussen's picture

The whold disk encryption is such a must have now a days, that without it Turnket Linus is not a serious bid in a production environment.
Personally I do think you should focus on this feature as a top priorety before anything else.

I wote for a rapid implementation


Add new comment