Re: PCLinuxOS KDE 2011.6 is now available for download > encryption
menotu:
Has anyone used encryption (for drives/partitions) during the install of 2011-06?
AS:
--- Quote from: menotu on July 03, 2011, 08:24:52 AM ---
Has anyone used encryption (for drives/partitions) during the install of 2011-06?
--- End quote ---
I'm going to test this feature (or similar/equivalent) in VirtualBox and will let you know about it as soon as possible. ;)
AS
AS:
Partial success on using encrypted partitions: ;)
On the first try I had set up a single encrypted partition '/' and successfully installed the system, but it failed at first reboot:
clearly grub is failing to recognize an encrypted partition ... test terminated with failure.
The above failure may be a good reason to set up a different /boot filesystem, allowing the kernel / initrd to start from an unencrypted partition and mount the encrypted '/' later; at least I was thinking so.
I tried a second install, this time using a plain /boot (unencrypted); at the time of disk partitioning I realized that I was not allowed to encrypt a /boot filesystem or a '/' filesystem.
(There is a glitch in diskdrake that allows you to encrypt the partition and then assign it to /boot, but if you first choose the mount point, the encrypt check box becomes grayed out, so the developers' intentions are clear: you are not allowed to encrypt the '/' and '/boot' filesystems ... maybe others, but I didn't check.)
Continuing in the disk setup, I chose to encrypt the 'swap' and the '/home' filesystem and performed the system installation.
At first reboot, the system will ask for filesystem encryption password, this is actually causing a minor issue:
- plymouth screen is 'blocked' from password requests
- until you press ESC to terminate plymouth, you don't see the password request.
I pressed ESC (plymouth terminates) and entered the required password; the boot process proceeded as expected until it came time to activate the swap, which actually fails, but the system continues the boot process, later asking about keyboard and time setup.
In this second test, the system is fully working (except the encrypted swap and the issue related to plymouth).
This is the resulting /etc/fstab:
--- Code: ---
# Entry for /dev/sda5 :
UUID=661ce798-79bb-4e22-9d94-c41a565a36f6 / ext4 acl,relatime 1 1
# Entry for /dev/sda1 :
UUID=66fbc96a-b06d-4625-a1cd-c20b94e6cff5 /boot ext2 acl,relatime 1 2
/dev/mapper/crypt_sda7 /home ext4 noatime 0 0
none /proc proc defaults 0 0
/dev/mapper/crypt_sda6 swap swap noatime 0 0
none /dev/pts devpts defaults 0 0
--- End code ---
The following is the output of df:
--- Code: ---
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 9.0G 1.8G 6.7G 22% /
/dev/sda1 312M 13M 283M 5% /boot
/dev/mapper/crypt_sda7
9.9G 162M 9.7G 2% /home
--- End code ---
AS
EDIT: the swap appears to be activated correctly, see message #8 below:
http://www.pclinuxos.com/forum/index.php/topic,93730.msg788014.html#msg788014
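An added example, not part of the original posts: a small shell audit that classifies each entry of the fstab posted above as encrypted or plaintext. It assumes encrypted devices are named /dev/mapper/crypt_*, as in that fstab; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which fstab entries sit on a dm-crypt mapping.
# Assumption: encrypted devices are named /dev/mapper/crypt_* (the naming
# seen in the fstab posted above). Other device-mapper names are not matched.

# Sample input: the fstab from the post, embedded so the script runs offline.
sample_fstab() {
cat <<'EOF'
# Entry for /dev/sda5 :
UUID=661ce798-79bb-4e22-9d94-c41a565a36f6 / ext4 acl,relatime 1 1
# Entry for /dev/sda1 :
UUID=66fbc96a-b06d-4625-a1cd-c20b94e6cff5 /boot ext2 acl,relatime 1 2
/dev/mapper/crypt_sda7 /home ext4 noatime 0 0
none /proc proc defaults 0 0
/dev/mapper/crypt_sda6 swap swap noatime 0 0
none /dev/pts devpts defaults 0 0
EOF
}

# audit_fstab: fstab text on stdin, one "<target> <state>" line per entry.
audit_fstab() {
    awk '
        /^[ \t]*#/ { next }                          # comment lines
        NF == 0    { next }                          # blank lines
        $3 ~ /^(proc|sysfs|devpts|tmpfs)$/ { next }  # pseudo-filesystems: no data at rest
        {
            if (index($1, "/dev/mapper/crypt_") == 1)
                state = "encrypted"
            else
                state = "plaintext"
            # swap has no real mount point, so label it by type
            target = ($3 == "swap") ? "swap" : $2
            print target, state
        }'
}

# plaintext_targets: only the entries that store data unencrypted.
plaintext_targets() {
    audit_fstab | awk '$2 == "plaintext" { print $1 }'
}

sample_fstab | audit_fstab
```

On a running system, feed it `/etc/fstab` on stdin; the name prefix is only a heuristic, and `cryptsetup status crypt_sda7` confirms whether a mapping is really dm-crypt.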
Just17:
--- Quote ---
At first reboot, the system will ask for filesystem encryption password, this is actually causing a minor issue:
- plymouth screen is 'blocked' from password requests
- until you press ESC to terminate plymouth, you don't see the password request.
--- End quote ---
Could be regarded as an extra security feature :D
AS:
Performed a third test, encrypting the root filesystem '/' while keeping only '/boot' unencrypted: Success :)
I had tweaked the boot parameters a little, removing the option quiet and changing splash=silent to splash=verbose to overcome the plymouth issue, resulting in a perfectly clean boot.
This time no swap at all.
The system itself added a boot parameter root=/dev/mapper/crypt_sda5 directing the mounting of the root filesystem.
However, it may not be such a good idea to encrypt the root filesystem; it will only result in a (small) performance penalty,
the result is however interesting, meaning that the kernel/initrd are already ready to support encrypted partitions.
... testing to be continued ... ;)
AS