Debian Configuration :: Decrypt Luks Volume With A Keyfile On Boot From Grub
Jul 6, 2015
I have install a debian jessie in my laptop, i create a lvm volume with /, /home, etc and a /boot partition outside. the i move this partition to the lvm volume and boot from it, everything it´s okay and it works.
The problem is that wen boot it ask me the passphrase to load grub, and then, when grub loads the kernel, it ask me again the passphrase.
I read that i can pass a key file to the initramfs to solve this, but where i see it, he uses mkinitcpio, and i can´´t find this package in the debian repos, it an arch package, also i tried this option [URL] ...
But it asking me the passphrase 3 times, and the third fails, the sistem starts, but i read the fail in the log.
View 1 Replies
ADVERTISEMENT
Jan 25, 2016
I'dont get prompt for passphrase for decrypt luks during boot.Instead it says 'error: device name required, press any key to continue"
Grub.cfg: http://pastebin.com/GZsuXp1y
kernel: linux-image-4.3.0-1-amd64
video with issue: https://www.youtube.com/watch?v=13ruhtUcwRo&feature=youtu.be
VM disk has 2 partitions:
sda1 with /boot
sda2 - luks encrypted
View 1 Replies
View Related
Nov 18, 2010
I have a Truecrypt-encrypted Windows [system] partition, that I want to be opened and mounted automatically (using a keyfile) when I log into Debian, since it is also encrypted and I don't want to type two passphrases. It think this could be done with LUKS. With TC I probably have to go with the CLI, but haven't figured it out yet. And I can't add a keyfile to the volume using the GUI. In order to mount the volume I have to tick the Mount partition using system encryption (preboot authentication) checkbox, or otherwise I get Incorrect password or no TrueCrypt volume found. And same when I try to add a keyfile.
View 2 Replies
View Related
Oct 18, 2010
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
View 5 Replies
View Related
Jan 21, 2009
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
View 8 Replies
View Related
Jun 20, 2011
Is there any way to only have one passphrase prompt when using multiple LUKS partitions? Well there must be, as that's how Fedora does it - it asks you once, and tries that passphrase on every LUKS volume (with a nice plymouth prompt), I just don't know how to do that on Wheezy. Don't say I have to nuke my install and use LVM instead of regular partitions or put a keyfile on a USB stick. My partition layout is:
/boot (plain)
swap (luks)
/ (luks)
/data (2nd drive, luks)
So I get asked 3 times during boot.
View 4 Replies
View Related
Jan 15, 2016
Is it better to install LUKS to raw disk (/dev/sdb) or disk partition (/dev/sdb1)? What are best LUKS options?
"cryptsetup benchmark" output
Code: Select allPBKDF2-sha1Â Â Â 1310720 iterations per second
PBKDF2-sha256Â Â Â 862315 iterations per second
PBKDF2-sha512Â Â Â 590414 iterations per second
[Code] ....
Is slow hash better or how to choose it? It is clear that aes-xts is best choise. Is 265 bit key good?
View 3 Replies
View Related
Mar 9, 2011
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies
View Related
May 30, 2010
I have a Knoppix DVD-ROM. I also have its image as k.iso at the second partition of HDD of my laptop. I use the DVD-ROM and write at the boot prompt the cheat code:
knoppix bootfrom=/dev/sda5/k.iso
I also have a folder Knoppix made during bootprompt by using the cheatcode knoppix tohd=/dev/sda5 and I can use the following cheatcode while booting from the DVD-ROM, like knoppix fromhd=/dev/sda5My laptop runs Debian Lenny 5.0.4, installed in the first partition of my HDD.
Can Grub be configured to boot from the Knoppix k.iso image, or the knoppix folder, which I use to use the Knoppix OS, so that I am freed from using the DVD, when I want to use the knoppix system?
View 14 Replies
View Related
Jul 2, 2010
I have Debian Squeeze amd64 and i install into same hdd in free space archlinux sda3 /boot, sda4 /
How set grub from debian for boot the archlinux?
View 4 Replies
View Related
Aug 26, 2015
I am thinking about maybe trying "LILO" [URL] ....
For my boot loader, from what I have read it sounds even more tempting.
I am totally sick of GRUB, even though it is what seems to be the most popular,and is what normally is used as the "default" when any linux system is installed, that is what the install ISO's use, but anyway, that is another topic, over the years, "grub failing", has been a problem for me , many times.
I saw this (From LILO to GRUB Howto).
View 5 Replies
View Related
Nov 26, 2015
I have a ~ 2008 notebook (Compaq CQ60-137EL) on which I had Windows 7 only (it was sold with Windows Vista installed).
Later I installed Debian Jessie 8.2.0 Stable ("Graphical expert install" from DVD), along with GRUB as a boot manager (I chose not to install it on the EFI removable media path).
Since then, if I select Windows 7 on the GRUB boot screen, I see "Starting Windows...", and after few seconds the screen flashes for a moment, and then the PC reboots: I see the bios screen, followed by the GRUB screen again.
What's even more weird about this is the fact it just happens only in like ~50% of the cases. In the other 50%, Win7 starts flawlessy.
I even tried to install Debian first, then Windows 7, then re-install GRUB, but I got the same issue, even with both system freshly installed.
On 6 attempts, 3 times it worked and 3 times it didn't.
On my desktop PC I'm in the same setting, but I don't have this issue. I think it may be related with the fact I have Win7 on a SSD and I installed Debian on a separate HDD, while on my notebook, as you can imagine, there's just one single HDD.
View 11 Replies
View Related
Mar 11, 2011
I have recently installed Debian alongside Vista on the same boot menu using the GRUB booting device. Only problem is, I couldn't boot Vista at all any more, so I removed my Debian installation from that drive. But the GRUB boot record persists, I don't have the Recovery disk to restore my old system, so I have to find a way to manually remove the GRUB track and put the old record in its place. I assume there was a copy made of it by the installation program, now my only problem is to find that file and copy the content back in place (at the address at the very beginning of the drive) all that by using Linux code, since that is all I have left. Being new to this game, I have no idea how to begin writing the right command for a job like this
View 3 Replies
View Related
Jan 3, 2016
I have a Jessie with grub2. I've bought ssd and copied root partition onto it. I've also installed grub on this disc. I would like to have dual boot:
- First option: old root booted from hdd
- second option: boot from copied ssd and use root from it.
So i would have two identical but independent configurations.
Both disc has different uids (changed after cloning).
I had a hope that i will change fstab to mount root partition from ssd, but it doesn't work. I need to change grub configuration, but how to add new position?
There is also problem that bios doesn't allow me to choose disc to boot from. So i would rather prefer to change grub configuration for dual boot from different disc.
View 8 Replies
View Related
Mar 21, 2010
I have been following Alien Bob's README_CRYPT.TXT on the install disk and playing around with LUKS and LVM as highlighted in the section Combining LUKS and LVM. I got this working following the examples in the readme however I now wish to add another volume to the volume group. I have got this working and extended the group with an encrypted volume so it's now bigger. I want the two included physical volumes in the volume group (which are both encrypted) to be opened on bootup.
As it is now I am prompted for a password for the first physical volume (the passwords are set to be the same) and that opens and boots the volume. It has a problem with the second PV I have added and doesn't open this. There are errors on boot up about this and pvdisplay give this:
Code:
Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
--- Physical volume ---
PV Name /dev/block/253:0
[Code]....
View 6 Replies
View Related
Dec 28, 2009
I have a 160GB harddrive with 2 partitions:
1. /dev/sda1 ext2 100MB (this is my /boot partition)
2. /dev/sda2 LVM2 Remaining space (this is my physical volume and is LUKS-encrypted)
There is 1 volume group, slackvg, and 3 logical volumes:
1. swap 2GB
2. root jfs 10GB
3. home jfs 50GB
I would like to shrink /dev/sda2 to make room for another regular partition, is this possible?
View 1 Replies
View Related
Jun 6, 2010
Recently set up root encryption with a couple of LVM volumes inside one LUKS volume, and I am just a little confused as to how I would go about getting it to automatically unlock using a keyfile stored on a USB flash drive, I presume I would have to put the drive in the fstab inside my initramfs (if there is one), and add a hook for USB device support.
But I digress, essentially, I want to know what I have to do to enable my LUKS volume (containing all of my partitions sans /boot) to unlock using a keyfile stored on a USB flash drive, rather than a manually entered passphrase.
View 2 Replies
View Related
Apr 21, 2011
I'm having a strange behavior with the volume button on my laptop, everything works fine, is just that is "switched" when I activate the volume (press function key + volume key) the volume light on the button goes off and volume gets muted, if I pressed it again the light turns on mber) and the volume gets unmute, anyone has an idea where should I look to correct this?
View 5 Replies
View Related
Jul 29, 2010
I'm running Debian testing/unstable, with my swap on an lvm volume. When I boot into the system, the swap doesn't become activated, even though there are messages that point to the contrary (for instance: "activating swap file...done"). After it's done booting, I run the command "free" and it shows that there is no space allocated to swap. "swapon -a" doesn't load the swap file either -- I have to do "swapon /dev/mapper/xxx-xxx". The swap appears in fstab, and also in /etc/initramfs-tools/conf.d/resume.
View 6 Replies
View Related
Mar 27, 2010
I'm running Karmic Server with GRUB2 on a Dell XPS 420. Everything was running fine until I changed 2 BIOS settings in an attempt to make my Virtual Box guests run faster. I turned on SpeedStep and Virtualization, rebooted, and I was slapped in the face with a grub error 15. I can't, in my wildest dreams, imagine how these two settings could cause a problem for GRUB, but they have. To make matters worse, I've set my server up to use Luks encrypted LVMs on soft-RAID. From what I can gather, it seems my only hope is to reinstall GRUB. So, I've tried to follow the Live CD instructions outlined in the following article (adding the necessary steps to mount my RAID volumes and LVMs). [URL]
If I try mounting the root lvm as 'dev/vg-root' on /mnt and the boot partition as 'dev/md0' on /mnt/boot, when I try to run the command $sudo grub-install --root-directory=/mnt/ /dev/md0, I get an errors: grub-setup: warn: Attempting to install GRUB to a partition instead of the MBR. This is a BAD idea. grub-setup: error: Embedding is not possible, but this is required when the root device is on a RAID array or LVM volume.
Somewhere in my troubleshooting, I also tried mounting the root lvm as 'dev/mapper/vg-root'. This results in the grub-install error: $sudo grub-install --root-directory=/mnt/ /dev/md0 Invalid device 'dev/md0'
Obviously, neither case fixes the problem. I've been searching and troubleshooting for several hours this evening, and I must have my system operational by Monday morning. That means if I don't have a solution by pretty early tomorrow morning...I'm screwed. A full rebuild will by my only option.
View 4 Replies
View Related
Aug 31, 2015
After having problems with lxde crashing while running Jessie, and re-installing Wheezy, I am not able to mount my WinXP drive. In the past I was able to run pcmanfm and mount the drive from there. It would ask for my root password and then would mount the drive. Now, however, when I click on the drive icon it gives me an error message saying authentication required.
One thing is that when I installed Wheezy I had the WinXP drive disconnected so as to not inadvertently install Wheezy on the wrong drive (I have two identical drives). After installing I connected the WinXP drive and then did a grub update. I can boot either drive, as expected, but I can not mount the WinXP drive from pcmanfm. Do I need to change the Policykit?
View 14 Replies
View Related
Jan 15, 2010
I'm having trouble with my keyboard functions on my netbook (eeePC 1005HA running squeeze/sid - specific build being the one available on December 23rd 2009 - hasn't been updated since installation) - specifically, some of the function keys seem to be off - i.e. when pressing Fn+key, only some actually work. The specific ones I'm having trouble with are:
Fn+F10 (mute)Fn+F11 (vol. down)Fn+F12 (vol. up)
As far as I can remember, they've never worked; at first I thought it wouldn't be an issue for me, having the volume panel, but the more time goes on, the more annoying it's becoming. Also, as it was a M$ machine at purchase, it has a Windoze key on it, which I'd like to configure to actually do something useful - preferably to open the main menu, if possible - but have so far failed to find any guides on how to do it. (Have Googled on multiple occasions, to no avail.)
View 11 Replies
View Related
Apr 6, 2010
I have successfully mounted my Win7 volume and my external hard drives NTFS volume as well. However, after modifying the fstab I seem to only be getting the win7 volume to auto-mount. Below is the contents of my fstab. /dev/sdf3 is not mounting. Again, it works no problem if I manually mount it.
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
[code]....
View 6 Replies
View Related
Oct 3, 2010
I was trying to get the Windows one working again. Here's what fdisk -l reads:
[Code]...
I'll change these or do some grub configurations, if anyone knows what ones can work.
View 1 Replies
View Related
Oct 26, 2010
I'm trying to migrate my LVs over to a Luks volume (prompt on password at boot). Unfortunately, as soon as I add my luks-encrypted physical volume to my volume group, I'm no longer able to update my grub configuration. I've detailed my steps below:
I've created and unlocked my encrypted partition with the following:
Code:
sudo cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sdb1
sudo cryptsetup luksOpen /dev/sdb1 crypto_agilityssd
My /etc/crypttab looks like this:
[Code].....
View 2 Replies
View Related
Jul 19, 2010
I'm trying to install debian on a encrypted partition with LUKS and LVM. I've found a good tutorial for ubuntu (here but it's in french). The idea is to create a sda1 partition for /boot and create a sda2 partition which is encrypted with luks ("cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda2") and on this encrypted partition, I use LVM to divide it in several different partitions (root, swap, home,...).
I can do it all with the debian live cd but once it's done I need to install debian. The problem is that with the basic install cd (I use netinstall), I cannot decrypt the partition for the installation (or if I can how ?)And with the live cd, I didn't find any option to do that.
View 6 Replies
View Related
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
Mar 19, 2011
A week ago I opened this thread viewtopic.php?f=17&t=61580 in "Board index ‹ Help ‹ Installation" and asked for a moderator to move this to here. Because it hasnt happened up to know, I am reopening the thread here. It would be reeeeally great if somebody could help me with my problem!
I own two computers, one netbook and one laptop. I want to boot my netbook as a diskless client via PXE.I set up a dhcp-, tftp and nfs-server on my laptop but when i boot my netbook, the follwoing messages are displayed:(to make it more clear, i uploaded the whole output and shortened the output below)
[Code]...
View 1 Replies
View Related
Sep 5, 2010
I have installed Windows 7 on my laptop . Now, it directly boot from Windows 7 . I think the MBR overwrote my grub . I have found two methods by google , but still does work .
1: boot from debian install CD, Alt +F2 switch to the console. "grub " "root (hd0,0)" "setup (hd0,0)".
2:boot from CD, mount /dev/scsi/host0/bus0/target0/lun0/part1 /mnt ; chroot /mnt ; grub-install /dev/sda.
View 7 Replies
View Related
Sep 21, 2010
I was installing sqeeze i386 on my laptop VOSTRO 1400 and got this the 'grub-pc' package failed to install into /target/. without the GRUB boot loader, the installed system will not boot.
View 3 Replies
View Related
