FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User
Reload this Page Questions about d-i disk encryption

 
 
LinkBack Thread Tools
 
Old 04-25-2008, 04:20 PM
"Hans Martin"
 
Default Questions about d-i disk encryption
Hi,

two questions related to the current d-i (lenny) netinst CD:

1. I like to have half of my disk crypted (with /, /usr/, /home,
all in one crypted partition), and the other half without
encryption e.g. as /usr/local). What is the easiest way to
achieve this?

2. Because I'm experimenting with the installation, I would like
to skip one stop of the prepartion of the encryption, that
takes about two hours (does in write /dev/random to
/dev/hdaX?). How can I skip this step easily? (I know, that
this would degrade security, but for this test I don't care.)

Thanks in advance!

Hans
--
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-25-2008, 05:29 PM
"Jordi Gutiérrez Hermoso"
 
Default Questions about d-i disk encryption
On 25/04/2008, Hans Martin <HMartin1@gmx.net> wrote:
> 1. I like to have half of my disk crypted (with /, /usr/, /home,
> all in one crypted partition), and the other half without
> encryption e.g. as /usr/local).
[snip]
> 2. Because I'm experimenting with the installation, I would like
> to skip one stop of the prepartion of the encryption, that
> takes about two hours (does in write /dev/random to
> /dev/hdaX?).

Neither of those configuration options are yet available in d-i. You
may want to consider submitting wishlist bugs. I would like that too,
especially #2, since sometimes I abort the installation and start
again, which means it spends more time doing it again when it really
doesn't need to.

- Jordi G. H.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-25-2008, 05:46 PM
"Hans Martin"
 
Default Questions about d-i disk encryption
Jordi wrote:
> On 25/04/2008, Hans Martin <HMartin1@gmx.net> wrote:
> > 1. I like to have half of my disk crypted (with /, /usr/, /home,
> > all in one crypted partition), and the other half without
> > encryption e.g. as /usr/local).
> [snip]
...
> Neither of those configuration options are yet available in d-i.

OK, so what would be the best way to achieve at least point 1
manually? I assume, I take the complete disk as PV, right?
Than I create a VG on it. Follow the logival volumes, but do
I need two or three? One small for the init-rd stuff? How big?
One crypted and one non-crypted? TIA!

Hans
--
Psst! Geheimtipp: Online Games kostenlos spielen bei den GMX Free Games!
http://games.entertainment.gmx.net/de/entertainment/games/free


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-27-2008, 04:19 AM
Jon
 
Default Questions about d-i disk encryption
On Fri, Apr 25, 2008 at 06:20:08PM +0200, Hans Martin wrote:

> 2. Because I'm experimenting with the installation, I would like
> to skip one stop of the prepartion of the encryption, that
> takes about two hours (does in write /dev/random to
> /dev/hdaX?). How can I skip this step easily? (I know, that
> this would degrade security, but for this test I don't care.)

On the 'Partition settings' screen, toggle 'Erase data' from yes to no.
In practice I very much doubt that this would ever reduce your security.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-27-2008, 02:00 PM
"Jordi Gutiérrez Hermoso"
 
Default Questions about d-i disk encryption
On 26/04/2008, Jon <iroquoi@gmail.com> wrote:
> On the 'Partition settings' screen, toggle 'Erase data' from yes to no.
> In practice I very much doubt that this would ever reduce your security.

It's been a while since I've looked at d-i, and maybe things have
changed, but is there an option to encrypt partitions and set up lvm
when you do manual install? I just remember there being one option
which sets up lvm and encrypts, but it doesn't have any suboptions. Am
I misremembering, or have things changed?

- Jordi G. H.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-27-2008, 10:08 PM
Jon
 
Default Questions about d-i disk encryption
On Sun, Apr 27, 2008 at 09:00:52AM -0500, Jordi Gutiérrez Hermoso wrote:

> On 26/04/2008, Jon <iroquoi@gmail.com> wrote:
> > On the 'Partition settings' screen, toggle 'Erase data' from yes to no.
> > In practice I very much doubt that this would ever reduce your security.
>
> It's been a while since I've looked at d-i, and maybe things have
> changed, but is there an option to encrypt partitions and set up lvm
> when you do manual install?

Yes. When you create a partition manually, you can set the partition
type to be 'physical volume for encryption' or 'physical volume for
lvm', amongst the other usual types. You can then make more partitions
inside that volume. e.g. make an encrypted volume, set the type to lvm,
then make partitions in the lvm.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 08:46 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -