Re: [PLUG] Help with encrypted SSD

Rich Freeman on 19 Apr 2015 15:37:46 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Help with encrypted SSD

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Help with encrypted SSD
Date: Sun, 19 Apr 2015 18:37:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=TjOPAIvnaL/JhtRNQc9oNPZtt1KiyFIuBeT6Qa+RDBA=; b=DK4vY4ypBWkxkbislZEaoKWEGSGmg4HbNicXLFP9aJ7rD9Pnm/Lsw9FoTn37MtuXOq vigxqXo0e4uPfNDkZ2nbXU7xEd4R4FM7U5ko3kbEsnlqSRDv3L+qvv7d2zSaDZms8ncq Qf1WHtKnUcaglvFzNmf/2H38qFPsveX8qF3z/eBazIbXjh4aMmhXMAbjDhDqadroAgig gP3iUTMr0qOZYprET9AWCd9LhT7pxwqrUb/91ZFS+eJ0z4XcgqGbVQ+isLcgZ9d4VwIb VCVzPWw/X2DfrjOTT+N3dxAp1xsUsjpqRtM056PjSbMVZiVzU3KQhsO732i8vRF3K40C 9N+A==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Sun, Apr 19, 2015 at 5:09 PM, Lee H. Marzke <lee@marzke.net> wrote:
> If I can get the drive unlocked,  I'll try  that.

You may need to do it on a different computer.  I have no idea what
your BIOS is doing, but the BIOS is just a program, and programs do
whatever they were designed to do.  They could make it refuse to work
on the second Tuesday of the month if they wanted to.  Maybe it is
supposed to be a feature linking the BIOS password and the drive
password.  I guess you're hosed if you install two drives with
different passwords in the same machine.

fdisk definitely won't work if the drive is locked, because it reads
the drive.  You would need to use hdparm to see what is going on.
hdparm -I /dev/sda will tell you at the bottom what the security
status of the drive is.  If it is frozen then you have to stick it in
a PC that has a BIOS that won't freeze the drive.  Maybe you could
unplug it and plug it back in again while the PC is powered in AHCI
mode.

But, you may need a vendor-specific command to unlock it if it doesn't
response to a secure erase without a password.

>
> The problem is LVM is inside DM-crypt,  so DM needs to be expanded
> first.     The installer has a script to do this but it only does
> 100% of the drive as DM-crypt/LVM,  and I want part reserved for
> VM's which don't do as well running inside an encrypted partition.

Does DM-crypt actually store metadata including the volume length?  I
thought it was just a passthrough.  If it is then all you have to do
is partition the new drive with two 500GB partitions, dd the old
partitions over them, and then mount them.  DM-crypt will just unlock
each partition as 250GB of whatever was on there before followed by
250GB of random data.  Then you can expand your lvm volumes and/or
filesystems over that space.

If DM-crypt does store the volume length in some kind of metadata,
then there should be some tool to expand the volume.  You just have to
start at the bottom layer and work your way up.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Help with encrypted SSD
  - From: "Lee H. Marzke" <lee@marzke.net>
- Re: [PLUG] Help with encrypted SSD
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Help with encrypted SSD
  - From: "Lee H. Marzke" <lee@marzke.net>

Prev by Date: Re: [PLUG] Help with encrypted SSD
Next by Date: [PLUG] [plug-announce] Mon, Apr 20, 2015: PLUG West - "The Arch Way: Simplicity Is King" by Jason Plum (7pm at FIS in Malvern)
Previous by thread: Re: [PLUG] Help with encrypted SSD
Next by thread: Re: [PLUG] Help with encrypted SSD
Index(es):
- Date
- Thread