FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-01-2012, 07:27 AM
"J.A. de Vries"
 
Default Make fully encrypted disk without LVM during install

Hi all,

I plan on installing testing on a brand new disk later this week. Last time I
did this I just followed the options the installer offered and ended up with a
perfectly fine system on a fully encrypted disk using LVM.

This time I need my disk to be easily portable, so I prefer to have a fully
encrypted disk without LVM. Not that LVM is a problem in itself, but I could
do without the hassle it brings with it when you want to mount that disk on
another system where that system will not boot from it. I know it can be done
even with LVM, but in this case it is more of a bother than a help because I
am quite sure I won't need to resize the partitions.

Is there some combination of options in the installer that supports this
choice? If there is I am propbably very dense today, because I can't seem to
find it. I'd really appreciate it if someone could give me some pointers in the
right direction.

Grx HdV


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201204010927.12260.hdv.jadev@gmail.com">http://lists.debian.org/201204010927.12260.hdv.jadev@gmail.com
 
Old 04-01-2012, 03:51 PM
Brad Alexander
 
Default Make fully encrypted disk without LVM during install

If you only encrypt the disk, the default (at least on the squeeze
netinstall disk) is to create a large ext3 partition. Then you don't
have an lvm partition...

--b

On Sun, Apr 1, 2012 at 3:27 AM, J.A. de Vries <hdv.jadev@gmail.com> wrote:
> Hi all,
>
> I plan on installing testing on a brand new disk later this week. Last time I
> did this I just followed the options the installer offered and ended up with a
> perfectly fine system on a fully encrypted disk using LVM.
>
> This time I need my disk to be easily portable, so I prefer to have a fully
> encrypted disk without LVM. Not that LVM is a problem in itself, but I could
> do without the hassle it brings with it when you want to mount that disk on
> another system where that system will not boot from it. I know it can be done
> even with LVM, but in this case it is more of a bother than a help because I
> am quite sure I won't need to resize the partitions.
>
> Is there some combination of options in the installer that supports this
> choice? If there is I am propbably very dense today, because I can't seem to
> find it. I'd really appreciate it if someone could give me some pointers in the
> right direction.
>
> Grx HdV
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/201204010927.12260.hdv.jadev@gmail.com
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAKmZw+aGB_pYriJEaapMdQpJ=y69J=S9ZWNZmHp9b7yCg5HRz w@mail.gmail.com">http://lists.debian.org/CAKmZw+aGB_pYriJEaapMdQpJ=y69J=S9ZWNZmHp9b7yCg5HRz w@mail.gmail.com
 
Old 04-04-2012, 01:24 PM
Jon Dowland
 
Default Make fully encrypted disk without LVM during install

On 01/04/12 08:27, J.A. de Vries wrote:
> This time I need my disk to be easily portable, so I prefer to have a
> fully encrypted disk without LVM

The system on which you might want to read the disk will need to know
how to decrypt it. Do you anticipate hot-plugging it to a running
machine, or trying to boot from it?

The convenience-partitioning-scheme offered by d-i which uses LVM and
encryption also creates a non-encrypted, non-LVM /boot partition, within
which the kernel and initramfs are stored. These are set up to
understand how to interpret both the encryption and LVM. I'm having
trouble seeing why LVM would be much more pain than encryption already
brings you, from a portable POV. (I suppose it's one fewer command to
type!)
 
Old 04-04-2012, 05:37 PM
"J.A. de Vries"
 
Default Make fully encrypted disk without LVM during install

Hi Jon,

> The system on which you might want to read the disk will need to know
> how to decrypt it. Do you anticipate hot-plugging it to a running
> machine, or trying to boot from it?

In this situation I will have a disk which is used to boot one machine, but
does contain data that will be needed on another machine. That machine will
definitely not use this disk to boot from, but just as a data disk.

I know I could move the data around as an encrypted archive, but my customer
wants a solution where the data is only stored on one disk. And yes, they are
aware of the potential risks that brings with it. Still, that's how the want
it.

> The convenience-partitioning-scheme offered by d-i which uses LVM and
> encryption also creates a non-encrypted, non-LVM /boot partition, within
> which the kernel and initramfs are stored. These are set up to
> understand how to interpret both the encryption and LVM. I'm having
> trouble seeing why LVM would be much more pain than encryption already
> brings you, from a portable POV. (I suppose it's one fewer command to
> type!)

Ever tried to put a fully encrypted disk with LVM in another machine, without
booting from it? If you boot from it there's almost no hassle at all. I know
it is possible to mount such a disk. I've used the scenario described at
http://canonical.org/~kragen/crypted-disk.html often enough. However, for this
sitation I need something a bit more userfriendly. Preferably a scenario where
my customer only needs to enter his password when mounting. That's why I
thought of leaving LVM out of the picture altogether. In this situation it has
no purpose at all, so why use it then?

Thanks for trying to help.

Grx HdV


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201204041937.31311.hdv.jadev@gmail.com">http://lists.debian.org/201204041937.31311.hdv.jadev@gmail.com
 
Old 04-05-2012, 08:34 AM
Jon Dowland
 
Default Make fully encrypted disk without LVM during install

(Incidentally is your first name 'Jetse'?)

On Wed, Apr 04, 2012 at 07:37:31PM +0200, J.A. de Vries wrote:
> Ever tried to put a fully encrypted disk with LVM in another machine, without
> booting from it?

Far worse: I have a 1TB external drive with a DOS partition table, one partition
formatted for LVM, with an LVM logical volume on top which is part of an md RAID
set, inside the RAID device is another LVM PV for a different volume group. Your
point is correct: it is far from user-friendly ☺

> However, for this sitation I need something a bit more userfriendly.
> Preferably a scenario where my customer only needs to enter his password when
> mounting. That's why I thought of leaving LVM out of the picture altogether.

What environment is available in the system that might need to interpret the
device? My GNOME desktop can mount LUKS/dm-crypt devices graphically, via
nautilus (I think using udisks[1] as the back-end but I can't see the package
dependency relationship)

[1] http://www.freedesktop.org/wiki/Software/udisks

> In this situation it has no purpose at all, so why use it then?

If you are using the entire disk and don't anticipate needing to shuffle things
then there's no point indeed.



Cheers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120405083438.GE2010@debian">http://lists.debian.org/20120405083438.GE2010@debian
 
Old 04-05-2012, 11:20 AM
"J.A. de Vries"
 
Default Make fully encrypted disk without LVM during install

Hi Jon,

> Far worse: I have a 1TB external drive with a DOS partition table, one
> partition formatted for LVM, with an LVM logical volume on top which is
> part of an md RAID set, inside the RAID device is another LVM PV for a
> different volume group. Your point is correct: it is far from
> user-friendly ☺

Ah, another fellow sufferer!

To us it is a problem we can overcome, but I'd like to present my customer
something that'll be easier to do.

> What environment is available in the system that might need to interpret
> the device? My GNOME desktop can mount LUKS/dm-crypt devices graphically,
> via nautilus (I think using udisks[1] as the back-end but I can't see the
> package dependency relationship)
>
> [1] http://www.freedesktop.org/wiki/Software/udisks

Thanks. I hand't seen this, yet.

The DE where the disk will be mounted is pure KDE. At the moment version
4.6.3, but they expect to migrite to 4.8 in a couple of weeks.

> If you are using the entire disk and don't anticipate needing to shuffle
> things then there's no point indeed.

That's the case.

Thanks for helping!

Grx HdV


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201204051320.35932.hdv.jadev@gmail.com">http://lists.debian.org/201204051320.35932.hdv.jadev@gmail.com
 

Thread Tools




All times are GMT. The time now is 05:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org