Debian :: Making LiveDVD Of Encrypted System
Aug 23, 2015
I have a system which i installed on usb flash (doesn't matter why). The system has 3 partitions: "boot", "/" and "swap". "Swap" and "/" are encrypted by LUKS. "Swap" is encrypted by random key, "/" - by passphrase.
I created this system only to make a liveDVD from it (not liveUSB).
To achieve this goal i installed program called "Systemback" (fork of Remastersys).
Links:
[URL] ....
[URL] ....
So i pushed the button 'Create live system' (or Live system create, don't remember exactly) and configured it to automatically convert .*sblive to .*iso
Program made it's work and i burned image in DVD.
But when i launch it i have this:
The last picture - is when i trying to startliveDVD with installed LVM2. No difference except one message.
I went to freenode and ask some questions. Somebody told me that maybe the problem is in LVM. But LVM was already installed, so i installed LVM2. No result.
How can i make the system that is encrypted by LUKS work from DVD? And is it really possible? Maybe systemback doesn't support feature to make live-image of encrypted system?
The system is Debian 8.1.0
I did the same with nonencrypted system - result is succesfull, liveDVD works.
View 5 Replies
ADVERTISEMENT
Feb 1, 2016
I have two basically identical harddrives that are encrypted with LUKS containing a complete debian installation:
Code: Select allroot@x200s:/home/b# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
├─sda1 ext2 0b851969-281e-4db2-8a5b-3798e801711b /boot
├─sda2
└─sda5 crypto_LUKS cfcf63ef-448a-4f72-9f58-8f7731cf3dfc
└─sda5_crypt LVM2_member 21CS3f-SQeQ-XcMr-kyDs-OPtR-egmT-HkvJAu
[Code] ....
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
[b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk"
using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
View 2 Replies
View Related
Dec 30, 2015
I want to move my old system to a new drive. Currently I have Debian installed with following configuration:
I have an encrypted system where everything is encrypted except /boot. Currently I've /boot and / installed on a 16 GB mSata SSD and /home on a regulard HDD. I've got a 500GB SSD for Christmas and want to move the whole system to the new SSD.
I just wanted to ask if I've got the process required to to this down:
1. backup root-directory (/) without and /boot /home using tar keeping file-permissions and owners to ext. hard drive
2. backup /boot and /home separately using the same method
2. replace HDD with SSD remove mSATA SDD.
3. boot via live-usb
4. create appropriate volume groups, partitions, setup encryption etc.
5. extract backups to appropriate partitions
6. chroot to old /.
7. edit fstab
8. reinstall grub
9. create new init ram img.
I'm pretty sure I've got steps 1.-6. down but I'm very shaky on what to do next.
View 0 Replies
View Related
May 29, 2011
I have installed debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for password, for each of these partions seperately. I have given same password for all three of them. How can I make the system ask for the password only once. I know it can be done because on fedora it was like that before.
View 5 Replies
View Related
Mar 21, 2010
I would like to make backups of my movie DVDs. I have tried xcdroast and brasero on my FC12 linux but they refuse to copy an encrypted DVD. What is available for free to copy encrypted DVDs?
View 5 Replies
View Related
Oct 28, 2014
I tried a while getting a live system working with encrypted persistence. The command
Code: Select alllive-persistence activate /dev/sdx2
works perfect, but boot time persistence works only for unencrypted storage. 'Cause I can not append the boot-log as file the most important part here:
Code: Select all+ tailpid=123
+ tail -f boot.log
+ cat /proc/cmdline
+ LIVE_BOOT_CMDLINE=BOOT_IMAGE=/live/vmlinuz boot=live noeject keyboard-layouts=de components persistence persistence-encryption=luks,none initrd=/live/initrd.img debug=true
+ Cmdline_old
+ PERSISTENCE=true
+ export PERSISTENCE
[Code] ....
The most confusing line is "Warning: cryptsetup is unavailable" - I took a look into the scripts, it checks if cryptsetup and askpass is executable if not this message. But:
I mounted the hdd-img file local and took a look: all binaries there.
So I tried a lot getting it working on boot time. I tried it with live-tools from testing, from wheezy and last but not least installed and pinned live-tools to unstable. Always the same. askpass isn't executable on boot time before mounting the persistence.
Config is
Code: Select alllb config noauto
--apt apt
--bootstrap debootstrap
--binary-images iso-hybrid
--distribution testing
--mirror-bootstrap http://ftp.debian.de/debian/
[Code] .....
(tried with binary-images=hdd, too)
and yes, cryptsetup is inside package-list (otherwise live-persistence from within running machine with crypted partitions would not work). Live tools I used for last run is 4.0.3-1 from unstable, before tried with 4.0.2-1 from testing.
Whats going wrong in boot system?
View 12 Replies
View Related
Jun 1, 2013
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
View 9 Replies
View Related
Mar 7, 2010
I've already went through the regular process of installation, adding the backports repository and doing the debian way installation, but somehow the system isn't assuming the plugin.
I've rebooted the web browser and even the entire system, but still the plugin does not work.
View 7 Replies
View Related
Feb 15, 2010
Question may be stupid, but I have LiveCD image to boot from, and I do not want to buy cd-rw or cd-r, I want to write it on DVD, but it looks like I have to convert structure CD to DVD, because I need to boot from it. K3B refuse to burn LiveCD to DVD disk.
View 12 Replies
View Related
Mar 22, 2010
I have Ubuntu 9.04 and I have encrypted swap, root partitions and two internal hard drives with this howto: [URL]. It's been working about a year now but after an routine fsck (when Ubuntu starts) I can't log in no more. After first passphrase (must be the root partition) the scrolling thingy stops and "Caps lock" and "Scroll lock" starts to blink and nothing happens. I have two 1 TB drives full of data which I can't get in to.
View 5 Replies
View Related
Jul 12, 2010
I try to encrypt root file system on Opensuse 11.1 and I have found up to two possibilities.
1. [url]
2. [url]
In the first case, i have a Problem with entering password, for each partition on encrypted disk, i must enter my password.(For 3 partition 3 times)
And in the second version to get i nowhere.
Code:
View 5 Replies
View Related
Jan 24, 2011
I have recently used PowerTop to get information about what settings I could tweak to make my laptop more power efficient. However, my problem is that all such changes seem to dissapear as soon as I reboot my machine. For example, if I run:
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
This value will have been rewritten to 500 when I reboot. Is there any way to change this, and make sure that any and all changes I do to my system remain permanent until I change them to something else? This question is of course not limited to Powertop, I would also like changes I do via for example cpufreq to be permanent as well.
View 5 Replies
View Related
Dec 9, 2009
I am trying to replace just the kernel (no modules) for my default kernel on FC 11. I use the default .config file and just change a few things and then run the make command. After I replace the kernel and reboot the system the password comes up for the encrypted filesystem and it does not take my password for some reason. what I need to do to get this working?
View 1 Replies
View Related
Jul 27, 2011
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Quote:
kernel /vmlinuz-2.6.38.6-26.rc1.fc15.i686.PAE ro root=/dev/mapper/vg_anonymous-lv_root rd_LUKS_UUID=luks-3ef72221-1165-46a6-ab69-3932e22e9d4f rd_LVM_LV=vg_anonymous/lv_root rd_LVM_LV=vg_anonymous/lv_swap rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=de
initrd /initramfs-2.6.38.6-26.rc1.fc15.i686.PAE.img
[Code]....
View 1 Replies
View Related
Mar 6, 2010
During a repair windows did overwrite my grub MBR for it's own bootloader. Now how do I get back to my encrypted ubuntu?
View 5 Replies
View Related
Apr 8, 2011
I'm looking to upgrade from Lenny to Squeeze and would like to check if there's anything special I need to do. Software-wise there's nothing out of the ordinary on the system but, while looking into upgrading, I've read some horror stories regarding encrypted systems. I've only previously installed from fresh.
Here is how my current partitions/filesystems are set out:
. sda1/sdb1 > raid > ext2: boot
. sda2/sdb2 > raid > luks > lvm > ext3: root
. sda2/sdb2 > raid > luks > lvm > ext3: swap
. sda2/sdb2 > raid > luks > lvm > xfs: data
. sdc1/sdd1 > raid > luks > lvm > freespace: vms
Would this just be a standard upgrade, as per these? [URL]. I will be backing up important data before I attempt to upgrade.
View 2 Replies
View Related
Apr 4, 2011
is it possible to make a system image with ease? By that I mean without having to fire up clonezilla and click through 15 clicks? I am probably being lazy and have noticed the really easy way to make a system image in windows - is there something similiar in ubuntu?
View 3 Replies
View Related
Apr 15, 2011
I have purchased a 500Gb seagate external hard disk.I partitioned it using the xp disk manager. I have now 320gb primary NTFS partition for accessing & storing data through XP & kept 144Gb of unallocated space for installation of Redhat Enterprise Linux 6.0. I have the dvd of RHEL 6.0, now please guide me through the process. I know I have to boot from my dvd drive. But i don't know how to manually allocate & partition the swap, and how much to mount under '/' & under'/boot'.. And also how to set it up for the dual boot.
View 5 Replies
View Related
Mar 21, 2011
I followed this tutorial to encrypt my entire installation: SDB:Encrypted root file system - openSUSE
It worked splendidly and whoever wrote it should get a lifetime supply of beer. After I got the install encrypted I made a RAID 1 array of 2 1GB disks and encrypted that as well. They are used for a data repository.
[Code]...
View 9 Replies
View Related
May 5, 2010
I need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4).The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1,#2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4:Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password?If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
View 2 Replies
View Related
Jun 3, 2010
I have a computer, that has the bad luck to be equipped with buggy hard-drives. Actually, they need a firmware update. This firmware update will probably destroy the data on them. I also want to add one or two other hard-drives to the RAID. What I am looking for, is a tool, that makes a clone of the system as it is now. And then, when I will have upgraded the disk firmware and added the other hard-drives, I just clone the system back from the clone.
View 9 Replies
View Related
Mar 31, 2009
Centos 5.3 includes Ext4 and improved support for encrypted file systems but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it...
http://wiki.fukt.bsnet.se/wiki/Mandos
...by serving up the password from another server...
http://packages.debian.org/squeeze/mandos
...to a client loaded into the initial RAM disk environment...
http://packages.debian.org/squeeze/mandos-client
...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
View 3 Replies
View Related
Mar 3, 2010
My J2EE application is deployed in Weblogic 9.2 MP3 in Linux box.The problem is "api response time in production system is higher that test system( test system has more data and load w.r.t production .)"we got large amount of page fault in production Garbage collection log ,where as in test system (with same load ) page fault is Zero.And this page fault making my production system slow.In respect of JVM(JrockIt)both the system memory settings(Xms1024m -Xmx1024m -Xgcprio:throughput) are same.
Meminfo for Production:
MemTotal: 3866724 kB
MemFree: 1131748 kB
Buffers: 52304 kB[code].....
any system/kernel parameter set is missing in production which might cause this large amount of page fault. If any more information is required let me know?
Linux Version in Prod:
Linux version 2.6.18-53.el5 (brewbuilder@hs20-bc1-7.build.redhat.com) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Oct 10 16:34:19 EDT 2007[code]....
View 1 Replies
View Related
Mar 7, 2011
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
View 9 Replies
View Related
Aug 18, 2010
but I wantto set up a new system with openSUSE 11.3 The system should be fully encrypted. I want to use the best possible encryption.1 I am not sure, AES 256 xts-plain is the most secure single algorithm, isn't it?2 Is it possible to use a cipher? 3 Which algorithm does the yast-installer use when I encrypt the whole system with a logical volume group?I have read this two articles:a) Encrypted Root File System - openSUSEb) openSUSE Lizards encrypted root file system on LVMBut I have to say that these routines are a little bit complicated in my eyes.Isnt there a easier way to encrypt the whole OS?I know there is a 64bit live cd available. 4 So the first description (a) is obsolete?5 How can I set up a (fully encrypted) system without using LVM?The hard disk layout should be done in this way:
/boot sda1
/enhanced partition sda2
/swap sda5
[code]....
View 8 Replies
View Related
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies
View Related
Jan 21, 2009
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
View 8 Replies
View Related
Jun 3, 2015
I have a problem with my debian install. I 've got a laptop with 3 OS:
First I installed windows.
Then I installed ubuntu 15.04 in an encrypted partition, and another partition with /boot (/dev/sda6) created when I installed Ubuntu.
And, finally I installed Debian 8 in an encrypted LVM (/dev/sda8) with 3 partitions (/, /home and swap), and a /boot (/dev/sda7) partition created when I installed Debian.
Needless to say that both /boot partitions are not encrypted
Previously I had a similar configuration with ubuntu 14.04 and Debian wheezy.
The problem is that I can't start the system by using the Debian grub (/dev/sda7). So Ihave to boot the system using Ubuntu's grub (/dev/sa6). The second part of the problem is that when I boot Debian using /dev/sda6 (ubuntu's grub) , plymouth does not work.
I tried purging grub and reinstalling it again with the ubuntu partition mounted, and it did not work.
I did not have this problem with my previous configuration (with wheezy and xubuntu 14.04) ...
View 8 Replies
View Related
Sep 5, 2010
The system disk on my lenny 64b system is using LVM, encryptions and XFS (/boot is ext2). I'm looking forward to turning it into old-style, ext4 unencrypted partitions (and thinking about btrfs in the future. Despite having used Debian for many years now, I haven't really ever tried a true migration and all of the guides out there are concerned with turning an unecrypted to encrypted. My basic idea was to use the installer and set up a minimal new system on a fresh disk, then migrate all of my stuff from the old system.
I have some doubts though
1- is this the easiest way to get the task done?
2- what do I have to copy from the current system /etc? and most importantly, what I should *not* copy?
3- how do I replicate the current package configuration on the new system without falling into a dependency hell?
View 2 Replies
View Related
Oct 26, 2010
I've installed Squeeze on a USB stick, but can't get it to boot. I've had this problem before and gave up last time. I installed on an encrypted LVM - here is the grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by /usr/sbin/grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
[Code]...
I added rootdelay=10 and switched root from hd1,1 to hd0,0 as suggested elsewhere. Still no go, i jsut get dumped into ramfs shell with an error message saying that /dev/mapper/crunchbang-root doesn't exist.
View 1 Replies
View Related
