OpenSUSE Install :: Encrypted LVM LUKS And Login Screen
Apr 2, 2011
I recently installed OpenSUSE 11.4 64 bit with GNOME yesterday and everything is going fantastic. I like it much better than Ubuntu 10.10 64 bit Maverick Meerkat because it is much more stable, reliable, and dependable. I own a heavily modified ASUS N61JV-X2 notebook PC. I installed OpenSUSE using the LVM based method and LUKS encryption. When I turn on the power to my notebook PC, it asks me for my password to decrypt my Intel 2nd Generation 160.00 GB Solid State Drive. I expected this behavior. However, I never get to see the OpenSUSE login screen. After I type in my password to decrypt my SSD, it loads up the desktop immediately. How do I configure my OpenSUSE so that I can see the login screen so that I can select my standard user profile and enter the user password to login?
I've had everything but /boot on LVM LUKS encryption since I installed 11.4 on my netbook. Suddenly it won't accept my password and boot. Nothing had been updated since the last successful boot. The only possibly different thing that occurred was that I had plugged in my Android phone to charge before it booted up. Anyway, the specific error it gives when I enter the password (and I'm absolutely sure it's the correct password):
Code:
No key available with this passphrase.

Here is everything else on the screen:

Code:
doing fast boot
Creating device nodes with udev
[number (not sure if relevant/unique)] fb:conflicting fb hw usage inteldrmfb vs VESA VGA - removing gen
Volume group "system" not found
I am trying to change the splash screen (Lucid 10.4) on an encrypted drive (crypto LUKS)
I've used gimp to modify the png files in /lib/plymouth/themes/ubuntu-logo (both ubuntu_logo.png and ubuntu_logo16.png).
These changes show up when the machine is shutting down, but not when it boots (I get the same Ubuntu splash screen that allows me to enter the encryption password). I'm guessing because I'm using an encrypted drive that the plymouth theme and images are stored in an encrypted partition ....maybe /dev/sda1?
Could someone confirm this, or suggest how to change the splash screen for 10.4 if using drive encryption?
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks

/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
I'm looking for a way of mounting an encrypted volume - home folder or a separate mount point, using only the standard login authentication (i.e. KDM or ssh). I thought the pam_mount module provided this, but I still get prompted for a password on the console at boot time. This is inconvenient as both my main desktops are headless HTPCs. I want the login credentials to be passed through, at log in time. I'm guessing this is possible, but to be honest, encryption is one thing in Linux that still completely confuses me.
I have installed VirtualBox and setup a Windows Vista host, initially with a .vdi of 10gb. That filled up quickly, so I added another 20gb secondary partition, after first trying to allocate a .vdi to a SCSI controller. Configured the drive in Windows (Computer Management), and all seemed ok. I shutdown VB, and rebooted my Linux host (openSuse 11.3). Now I keep bouncing back to the login screen, and can't login to Linux KDE, but can login to a console. I do have the following info:
I did see a message before, that I don't see anymore, that said it could not start NFS services due to missing entry in fstab. Another I'm seeing now is it couldn't start the avahi-daemon, no space left on device. This is odd, since I have a 200GB drive, with half of it left, only max 30GB set to VB. Here's my df -k output:
/dev/sda6 Use% is 100%
devtmpfs Use% is 1%
tmpfs Use% is 1%
/dev/sda7 Use% is 46%
So root "/" is mounted on /dev/sda6, which looks like it could be a problem, but why would this suddenly be a problem after working with VirtualBox? Could this be a matter of just freeing up space on /dev/sda6? Like the /tmp folder that's under "/"?
I installed openSUSE 11.4 on an HP elitebook 2560p a few days ago (using the KDE live CD). In general the system is working fine, but still I cannot resolve a couple of really annoying issues:
1. I've created encrypted partitions for swap and home during OS installation. As a result the system keeps asking for passwords for each of the encrypted partitions before showing the login screen. That leads to a situation where I have to type 3 passwords during each boot/reboot. I was using the same configuration (swap and home were encrypted) on Ubuntu 11.04 and there both encrypted partitions were mounted automatically with no password typing after login to the system. Could you please tell me how I can configure the same behavior on openSUSE 11.4?
2. I've enabled auto screen lock after 5 mins of being inactive. As a result, when I go back to the laptop to unlock the screen, the system shows the login screen (default login screen with user selection). But when the user and password are filled in and I click login, it creates an entirely new KDE session. Therefore all the stuff that was open before the screen lock is gone. However the old session is still in the system (it appears in the output from the 'w' command).
My OpenSUSE 11.2 is working fine as samba server, no problems, but I have a problem with KDM. My default init runlevel is set to 5 and every time I try to login at KDM (KDE4), the monitor goes black and returns to the login screen. If I hit Ctrl+Alt+F1 to go to console and start /usr/sbin/console-kit-daemon manually, press Ctrl+Alt+F7 to return to KDM login, everything is fine. What do I have to do to fix this issue?
Been using 11.2 with KDE on a Sony laptop since 11.2 was released; it always ran perfectly. Suddenly I can't login: I get to the login screen, type in password, it begins to load my desktop, then fails and dumps me back to the login screen. I can login as root, and all my stuff is there (under /home/me). I tried changing my password, no luck. I went to run level 3 and there I can login just fine. Seems to be something with my KDE profile. Any ideas where I might find some error messages telling me what's going on?
This seemed to happen when I was running "blender" and making the machine do some heavy number crunching; it actually locked up.
I want, when I boot up, to load and log in automatically as a default user. I get a login screen with the option to login as root; I do not want this. How do I disable the option to login to X as root and just load as me/default user?
Every account, every option I try: when I login, it just cycles back to the login screen. I have attempted to do a repair install, but to no avail. It happens when I try to boot normally or if I boot into failsafe.
The graphical login screen is loaded just fine. Though very shortly after (a moment after the loading screen could be seen) it crashes back to the graphical login. And that happens no matter what wm I'm trying - gnome, kde3, kde4, e16, e17, even twm.
It happened after the logout after a zypper up yesterday morning. Looking through the list of what packages were upgraded (two machines, both last zypper up'ed last Sunday, checked on the second one after the problem with the first one), the only packages which might be responsible are kwin or qt4.
The graphics card seems to be fine (NVidia 9600), as it happens whether or not I use nv or the proprietary driver. Also tried reinstalling it from the repo as well as using the binary blob from NVidia. Has been tested on Windows and games are running fine there, so it shouldn't be the card.
What is strange, is that when calling upon sax2 -r from runlevel three, the initial screen loads nicely, but sax2 crashes back to the cli once one presses 'Change Configuration'. No error messages are being printed.
Any pointers on how I can narrow down the cause (and get it fixed)?
I have a really tricky and maybe interesting problem with an encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.
So when I try to open the container, it gives no verbose, just the return value 234.
I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckily, I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition. When I now issue
Code: No key available with this passphrase
Here is the command how I created the container:
How do I get the existing passphrase accepted by LUKS?
I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.
Here is what I get:
The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.
I can boot with the installation DVD, however, and
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code:
cryptsetup luksOpen /dev/sdb5 oldhd
Enter passphrase for /dev/sdb5:
root@x200s:/home/b# ls /dev/mapper/
control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1
root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/
mount: unknown filesystem type 'LVM2_member'

Before all this, both sda and sdb were in the same volume group. I renamed the volume group of sdb to "oldDisk" using

Code:
vgrename <UUID> oldDisk

How can I access the data on the root filesystem of my sdb?
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I'm not sure how to go about it though. Mount usually handles my mounting needs; do I need to decrypt the physical volume first? A list of the commands needed would make my day.
I run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partition to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it. Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.
To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped. It just asks for it before the system loads all its parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it. So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?
I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw was better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I don't know enough about encryption theory to be able to say anything, so I'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should I be using '-c aes-xts-benbi' then?
I am running Fedora 14 with the Gnome desktop and I have a 1 TB external hard drive that is msdos with approximately 200 gbs of data on it. I can unlock it and even read and copy files to my internal hard drive but I cannot add files to it; I used to be able to. I didn't think I changed permissions.
OpenSuSE 11.1 is by far the best SuSE version in a long time. It's generally up to competition or ahead of it. It's admirable, how thoughtful this system is set up, and how clean and fast it is compared to its predecessors. It seems that SuSE is fighting its way back to where they came from before the Novell "merger."
Having said that, it is even harder to understand, IMHO, why the installer doesn't support encrypted root partitions. Of course, there is a manual solution:
However, this HOW-TO doesn't explain how to combine LUKS encryption with LVM on a RAID-1 system, as described for Slackware 12.2 here:
Is there a similar guide anywhere available for OpenSuSE 11.1?
If not: Would it be possible to do all the low-level setup work, like partitioning, setting up the logical volumes and encrypting everything, with Slackware, following the document above, and then install OpenSuSE 11.1 on that system? Would that work?
I installed opensuse11.4 few minutes back. The install was absolutely smooth. I have dual boot, Win Xp and 11.4 now. But for some reason I do not see the login screen but instead I see a green screen with squares and stripes. Login in the failsafe mode is successful. How do I fix it?
Also noticed the following,
1) Initially the splash screen picks up the right resolution 1024*768 and then it changes it to a higher resolution. This I think I can fix, because I had faced a similar problem with 11.3 as well.
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
I have an external 300GB (Toshiba) disk which I encrypted (using cryptsetup luksFormat) and then installed an NTFS filesystem on (need to be able to use it in both Linux and Windows - using FreeOTFE). The disk mounts fine in windows and on my Fedora 10 system it automounts.
I can manually mount it on the RHEL5.3 system, and gnome-mount gets as far as recognising that it is encrypted and asking for the key, but it doesn't then mount it - I then have to manually mount the /dev/mapper/luks... device.
Does anyone know how to do this - if it works in Fedora 10 it ought to be possible to get it to work in EL5.3 I'd have thought.
How can I get a LUKS encrypted partition on an external USB device automounted with r/w access for non-privileged users?
Background: I just reformatted an external USB device with ext4. The only partition is LUKS encrypted. Now, when I plug the device to my computer, KDE notifies me and asks me to enter the LUKS passphrase. Then it mounts the device. Little snag here: Non-privileged users have read-only access.
My user is a member of group plugdev, but not of group disk, as this was discouraged several times, e. g. by Robby Workman. With non-encrypted disks regular users have read/write access, or can change the filemodes accordingly, as far as I recall (currently I have no more non-encrypted disks left to verify it...)