James Barrett on 11 Oct 2007 01:23:10 -0000



Re: [PLUG] Linux encrypted partitions, How To


On Wednesday 10 October 2007 19:43, Matthew Rosewarne wrote:
> It would probably be more flexible to use LVM on crypt, which lets you
> avoid using a swap file and use multiple "partitions".  I believe James set
> up something like that on his laptop.

It was very simple. When Debian-Installer asks to set up partitions, you must 
create at least two: one for /boot and one for encryption of everything else. 
LVM can be set up inside the giant encrypted partition. DI utilizes LUKS.

I chose to create my own partition layout. I set up the boot partition first 
(you will see why in a moment), on a USB drive*. If doing it on the main disk 
it would only need about 200MB at the very maximum for /boot (my USB drive is 
only 128MB). The rest of the disk is set up as a physical volume for 
encryption. After setting the partition to be used for encryption, I went up 
to a new option, "configure encrypted volumes" (IIRC?). DI notified me that 
continuing would mean that I could not mangle the disk partition table any 
more during the install process, and prompted me to continue. I did, of 
course, since I had already created a boot partition. The laptop was new, so 
I did not need to wipe the drive (it would have taken 2 hours anyway...). It 
asked for a passphrase to use for encryption (I chose one with more than 20 
characters: uppercase, lowercase, digits and symbols). I was then presented 
with an encrypted volume. I set up LVM (physical volume for LVM) and then 
went up to "configure logical volumes" or whatever the new selection happened 
to be. It notified and prompted again about not being able to mangle the 
partition table after continuing; I continued. I then set up the system as 
normal from here on, with /var, /home and /tmp volumes separate from root. I 
also set up a 1.5GB swap partition inside the volume group. Everything 
except /boot can be encrypted very easily and also flawlessly with Debian 
Installer. 

It has been a while since I did this, so correct me if I misstated anything.

* the USB flash drive must be inserted before you start the Debian install 
(i.e. before you turn on the machine). I selected noatime as a mount option 
so access times did not write to disk. The advantage of using a USB drive is 
not much, but it allowed me to create fewer partitions on the hard disk 
itself (just one in this case). GRUB is on the USB flash drive, so it can be 
used as a rescue disk for other systems, though I have not had to use it for 
that yet. It is a bit of a PITA as I have to insert and mount it whenever 
doing a kernel upgrade. 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
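
A way to check the resulting layout on the installed system, as an added example that is not part of the original post: it parses `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output and lists every mount point (or swap area) that does not sit under a dm-crypt mapping. The device names in the sample are constructed to mirror the layout described above (USB /boot, one encrypted partition holding the LVM volumes); the function name is hypothetical.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT`
# (not captured from a real machine).
SAMPLE = '''\
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda1" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/var"
KNAME="dm-3" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"
KNAME="dm-4" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/tmp"
KNAME="dm-5" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/boot"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')

def unencrypted_mounts(lsblk_pairs):
    """Return mount points (including swap) not backed by a dm-crypt device."""
    parents = defaultdict(set)   # kernel name -> parent kernel names
    dev_type, mounts = {}, {}
    for line in lsblk_pairs.splitlines():
        row = dict(PAIR.findall(line))
        if "KNAME" not in row:
            continue
        k = row["KNAME"]
        dev_type[k] = row.get("TYPE", "")
        if row.get("PKNAME"):    # a device with several parents is listed once per parent
            parents[k].add(row["PKNAME"])
        if row.get("MOUNTPOINT"):
            mounts[k] = row["MOUNTPOINT"]

    def covered(k, seen=()):
        # Covered if the device is a crypt mapping or every parent is covered.
        if dev_type.get(k) == "crypt":
            return True
        ups = parents.get(k)
        if not ups or k in seen:
            return False
        return all(covered(p, seen + (k,)) for p in ups)

    return sorted(m for k, m in mounts.items() if not covered(k))

if __name__ == "__main__":
    text = ("" if sys.stdin.isatty() else sys.stdin.read()) or SAMPLE
    print("not on an encrypted volume:", unencrypted_mounts(text))
```

For the layout in the post the only entry reported should be /boot; a swap partition left outside the volume group would show up as `[SWAP]`.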