FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-10-2011, 03:54 PM
Christian Jaeger
 
Default How to install with encrypted root?

Thanks for your reply. I got it to work now.

2011/6/10 tv.debian@googlemail.com <tv.debian@googlemail.com>:
> Hi, I can confirm that it works, my main system is fully on Luks ( To be
> precise it is luks on raid1, and /home is decrypted with pam, swap with
> decrypt_derived.).

(The additional RAID layer might make a difference. I dealt with a
similar bug 2 1/2 years ago, where it didn't recurse correctly through
the device mapper layers [1]; at that time I actually had a system
where encrypted root set up by the installer mostly worked out of the
box, too, and I was using LVM, so that might make the difference. But
it also was lenny and not squeeze, of course.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721
)

> I can't explain why it doesn't work in your case, you could try to add
> the required modules to /etc/initramfs-tools/modules, or check in

(At the point where I'm running update-initramfs (from within a chroot
from the running GRML system), all modules are loaded of course,
although from GRML)

> /etc/initramfs-tools/initramfs.conf that you have MODULES=most and
> BUSYBOX=yes.

(That's the case.)

> Maybe cp the /usr/share/initramfs-tools/hooks/cryptroot hook script to
> /etc/initramfs-tools/hooks/, this shouldn't be necessary though.

My system didn't have the /usr/share/initramfs-tools/hooks/cryptroot
file; while trying to figure out why, I realized that the "cryptsetup"
package wasn't installed! After installing it, update-initramfs now
creates an initrd that *does* contain cryptsetup.

I expected that the installer would install cryptsetup automatically
(at least) if the user creates encrypted partitions using its
partitioner. I would say this is a bug of the installer; anyone
disagreeing?

> Do you have a /etc/crypttab file, is it accurate ?

Yes it's already been there and accurate.

> Is the fstab too ?

Is correct, too.

> Tried reinstalling cryptsetup from the chroot ?

Strip the "re"

So I'm looking forward to report a bug against the installer (actually
several, since it didn't install busybox either).

BTW is there a way to make the boot process cache the pass phrase, so
that when I'm using the same for several partitions it would only ask
once? (Yes, I know that using LVM I could put all of those into the
same volume group on a single encrypted physical volume, but I'd like
to avoid LVM this time in an attempt to avoid potential issues (I'm
suspecting LVM to be a part in some unexplained slowness that I'm
suffering from on the machine where I'm using it).)

Christian.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: BANLkTi=bDrOjaXZ7Q+merrAqfbwWn4NYqg@mail.gmail.com ">http://lists.debian.org/BANLkTi=bDrOjaXZ7Q+merrAqfbwWn4NYqg@mail.gmail.com
 
Old 06-10-2011, 04:06 PM
Osamu Aoki
 
Default How to install with encrypted root?

On Fri, Jun 10, 2011 at 09:25:43AM -0400, Christian Jaeger wrote:
> Hi
>
> I'm trying to install squeeze with "/" being a partition dmcrypt'ed
> with luks. Is Debian supposed to support that or not? For me the
> debian installer failed to do it, so I sent mail to debian-boot about
> it [1] and then since I didn't get a reply reported a bug against
> initramfs-tools [2], where Maximilian Attems told me to get support
> here.
>
> [1] http://lists.debian.org/debian-boot/2011/06/msg00068.html
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629985
>
> So please tell me what I'm doing it wrong, whether it works for you,
> or whether that's in fact a result of bug(s) and ideally to which
> package(s) it(they) should be reported.

It works for me here using d-i.

There could be many ways to do this. I tried several before.
I now have both root and swap on a LVM partition which is on an
encrypted partition with LUKS. (Of course, /boot is unencrypted and also
I installed another backup system there as / for rescue.)

Your answe can be found in Google:
"LVM encrypt root debian squeeze"

http://forums.debian.net/viewtopic.php?f=10&t=46874

http://wiki.debian.org/AesXtsEncryptedLvm (OLD and easier method exists
but still good to read)

These looks good reading.

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110610160607.GA8614@debian.org">http://lists.debian.org/20110610160607.GA8614@debian.org
 

Thread Tools




All times are GMT. The time now is 11:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org