OpenSUSE Install :: Using Non-LUKS Loopback Encryption In 11.3?
Aug 5, 2010
I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:
mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?
View 5 Replies
ADVERTISEMENT
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
May 9, 2011
first i make one partiton ten format it add mount point and fire luksopen command and create secert file and enter this in crypttab but when i rebbot it showes scert file not found and partion remain unlocked
View 1 Replies
View Related
Jun 17, 2010
1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
View 2 Replies
View Related
Jan 8, 2010
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies
View Related
Mar 20, 2011
Is LUKS the best data/system encryption? Or is there one that is even better and stronger?
View 1 Replies
View Related
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Jul 19, 2010
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
View 3 Replies
View Related
Mar 26, 2010
I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.
But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).
View 3 Replies
View Related
Jul 3, 2011
I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.
The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.
The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.
I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).
Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good
The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID?
[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).
Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.
View 1 Replies
View Related
Jun 20, 2010
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies
View Related
Feb 14, 2010
I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
View 2 Replies
View Related
Jul 5, 2011
Is there any way to specify the bit strength for LUKS when one is installing OpenSUSE 11.4? I've tried to find it (because imho 256 bit aes is a bit high for what little i do with my netbook) but I have not. I was going to try to control+alt+F4 to a shell and create the partition setup and create the LUKS container and see if that works but in the past, trying that doesn't work either because 1) the installer doesn't ask for the LUKS password or 2) it asks, setup finishes normally, but yet I then get what seems to be random boot errors like some times the /home doesn't mount, sometimes the swap doesn't enable, etc.
Anyone care to give some input? I've been around and around the installer and can't seem to find a way to do it.
View 3 Replies
View Related
Apr 2, 2011
I recently installed OpenSUSE 11.4 64 bit with GNOME yesterday and everything is going fantastic. I like it much better than Ubuntu 10.10 64 bit Maverick Meerkat because it is much more stable, reliable, and dependable. I own a heavily modified ASUS N61JV-X2 notebook PC. I installed OpenSUSE using the LVM based method and LUKS encryption. When I turn on the power to my notebook PC, it asks me for my password to decrypt my Intel 2nd Generation 160.00 GB Solid State Drive. I expected this behavior. However, I never get to see the OpenSUSE login screen. After I type in my password to decrypt my SSD, it loads up the desktop immediately. How do I configure my OpenSUSE so that I can see the login screen so that I can select my standard user profile and enter the user password to login?
View 9 Replies
View Related
Aug 26, 2011
I've had everything but /boot on LVM LUKS encryption since I installed 11.4 on my netbook. Suddenly it won't accept my password and boot. Nothing had been updated since the last successful boot. The only possibly different thing that occurred was that I had plugged in my Android phone to charge before it booted up. Anyway, the specific error it gives when I enter the password (and I'm absolutely sure it's the correct password):
Code:
No key available with this passphrase.
Here is everything else on the screen:
Code:
doing fast boot
Creating device nodes with udev
[number (not sure if relevant/unique)] fb:conflicting fb hw usage inteldrmfb vs VESA VGA - removing gen
Volume group "system" not found
[Code]...
View 9 Replies
View Related
Apr 22, 2010
I'm trying to install OpenSuse 11.2. During installation there's a problem. It offers to create an LVM with encryption. That's fine. The problem is: it only uses 15GB of my 250GB hard drive. When I try to alter the partitions, I can't. When I try to remove the partitions and create new partitions myself it seems OK but a few minutes later the installation quits with 0333. I googled on resizing the LVM, but it brought me nowhere. There seems to be no working manual on how to do that. How do I install my system without having over 90% of my disk unused?
View 5 Replies
View Related
Nov 21, 2010
i have hd encryption activated on my swap and home disks. now every 20 min or so (not really periodic but definetly reproduceable) my system hangs completely for about 4 - 10 sec while the hd led is on. i have a dual core cpu which makes this even more odd. could this be a side effect of hd encryption especially on the swap partition?
View 3 Replies
View Related
Feb 8, 2010
any incompatibility for an encrypted disk (i.e. impossibility of reading the file system) among different versions of the same distro or among different Linux distros.
View 1 Replies
View Related
Aug 8, 2010
Trying to encrypt my partitions for swap, root and /home directories. However, when I go to partitioner and select the drives as sdb1, sbd2 or sbd3 and click on the encryption. It errors with a -3016 error. Can't find anything in the release notes or the security documentation that would lead me to why this screen is popping.
View 3 Replies
View Related
Jun 19, 2011
Using SUSE 11, I'm trying to change my existing login user id HOME directory to use encryption. I use YAST to do this, just by clicking the ENCRYPTION box inside the USER AND GROUP MANAGER tool.I receive this error message -- "Not enough disk space left to copy existing data".Which file system do I need to add space to?Here are the filesystem existing sizes --
Filesystem: / Size: 6g Used: 3g
Filesystem: /home Size: 1.8g Used: 65m
View 4 Replies
View Related
Dec 26, 2010
Installed latest version of sipXecs (PBX system) which is based on CentOS. The install went fine. During the first boot up all the messages come back with OK until it reachs a message about loopback. It hanges on this message and will go no further.
View 1 Replies
View Related
Feb 1, 2010
Besides Puppy or DSL, is there a full "regular" Linux distro that is friendly to be installed on a USB flash drive that won't wear it out? I want to be able to upgrade it, not just keep minor persistent changes like the methods outlined in pendrivelinux.com. The loopback file would fill out too much if I actually did a apt-get update, so I want something that installs natively on a USB flash drive with EXT3/EXT4, etc.
However, is there a distro that sends the log to a tmp ram drive, for instance? Something made *not* to wear out a USB drive too fast? I want a truly portable Linux on a UFD, not a semi-attempt that uses casper.
View 5 Replies
View Related
Oct 18, 2010
I can't seem to get an encrypted partition to recognize a keyfile. It is a backup partition that I would like to keep unmounted until a cron-script runs once a week to backup my sensitive data. In order for the script to run without my assistance, I thought I'd use a keyfile to authorize the mount.
So far I've created a keyfile and have added it to the partition using "luksKeyAdd". It didn't really say it was successful, but when I do a luksdump, it shows that another key slot has been enabled, so I believe it worked. After that I created a /etc/crypttab file with the following:
Code:
backup_sdd1 /dev/sdd1 /root/backup luks
/dev/sdd1 being the backup partition, and /root/backup being the keyfile
After rebooting, I am still prompted for a password when trying to mount the encrypted partition (sdd1), and there is no device "/dev/mapper/backup_sdd1" created like I believe there should be. I haven't added any entries to fstab, as I don't want this partition to mount at boot.
View 5 Replies
View Related
Mar 27, 2010
I'm running Karmic Server with GRUB2 on a Dell XPS 420. Everything was running fine until I changed 2 BIOS settings in an attempt to make my Virtual Box guests run faster. I turned on SpeedStep and Virtualization, rebooted, and I was slapped in the face with a grub error 15. I can't, in my wildest dreams, imagine how these two settings could cause a problem for GRUB, but they have. To make matters worse, I've set my server up to use Luks encrypted LVMs on soft-RAID. From what I can gather, it seems my only hope is to reinstall GRUB. So, I've tried to follow the Live CD instructions outlined in the following article (adding the necessary steps to mount my RAID volumes and LVMs). [URL]
If I try mounting the root lvm as 'dev/vg-root' on /mnt and the boot partition as 'dev/md0' on /mnt/boot, when I try to run the command $sudo grub-install --root-directory=/mnt/ /dev/md0, I get an errors: grub-setup: warn: Attempting to install GRUB to a partition instead of the MBR. This is a BAD idea. grub-setup: error: Embedding is not possible, but this is required when the root device is on a RAID array or LVM volume.
Somewhere in my troubleshooting, I also tried mounting the root lvm as 'dev/mapper/vg-root'. This results in the grub-install error: $sudo grub-install --root-directory=/mnt/ /dev/md0 Invalid device 'dev/md0'
Obviously, neither case fixes the problem. I've been searching and troubleshooting for several hours this evening, and I must have my system operational by Monday morning. That means if I don't have a solution by pretty early tomorrow morning...I'm screwed. A full rebuild will by my only option.
View 4 Replies
View Related
Sep 8, 2015
I'm trying to upgrade my Win8/Wheezy 64-bit machine to Jessie 8.1 by installing from the amd64-bit netinstall iso image on a USB flash drive. I had done the previous, Wheezy, install on a disk partition that was whole-partition LUKS/LVM drive, with separate logical partitions for swap, root, and home.
Before doing the upgrade, I booted to the BIOS to ensure that my UEFI system had the correct, CSM and Legacy modes enabled in it, so that installer would boot using the non-efi BIOS mode.
Step one of the upgrade was to boot the netinstall and enter the rescue mode so that I could manually do the cryptsetup/LVM business. When I returned to the installer, I mounted the now-recognized logical partitions normally, choosing to format only the swap and / partitions.
During the entire process, I had to go into rescue mode one more time to manually mount the unencrypted /boot partition, along with my /home partition. I copied a backup of my old /etc/crypttab from the latter, and after returning to the installer, finished the install. That finish included installing grub on my hard drive's main boot partition.
Everything seemed to finish with no problems. However, when I try to boot the debian bootloader, I get tossed to grub rescue with the message that '/grub/x86_64-efi/normal.mod' doesn't exist. At this point I returned to the installer, mounted the /boot partition, and saw that there grub-install didn't create that an x86_64-efi directory at all. Instead, it had created an i386 directory. The exact name escapes me at the moment.
I *think* that my install was clean other than the last bit that was related to installing the bootloader. How to reinstall the bootloader in such a way as to make all of this work.
View 2 Replies
View Related
Jan 4, 2011
Ubuntu's request for an encryption passphrase on installation could be greatly improved.
After installation, if the option to encrypt the home folder has been checked, Ubuntu prompts: "Record your encryption passphrase".
On running the action there are the following problems:
# When you type a passphrase, your keypresses are not indicated on the screen
# If you make a mistake typing the passphrase, and backspace, there is no way of knowing whether the backspace operation has worked
# The passphrase is typed once and the operation ends. There is no attempt to validate the correct entry of the passphrase by asking for it to be typed twice.
The combination of these shortfalls can be fatal. My last recorded encryption passphrase proved to be incorrect when after a critical failure I was required to enter my encryption passphrase to retrieve my data. It had not been backed up for a while. Ubuntu did not recognise my passphrase. Only after some dogged support from Canonical was the problem resolved.
I've just done a fresh install. I have butter fingers. I inevitably fumbled over the entry of my encryption passphrase. I have absolutely no way of verifying the passphrase I just set. Should Ubuntu ditch another critical failure on me, what do you think the chances are that my passphrase will work?
View 1 Replies
View Related
Apr 13, 2011
Is there a way to install ubuntu 10.04 or 10.10 with full disk encryption? I read how to do it in the 8.0 version, was wondering if it is still possible?
View 4 Replies
View Related
Jul 1, 2010
I was wondering how to activate encryption on my home folder, like sugested when creating the first user? in 10.04Also, is it any good to use?It's a work computer with sometimes private documents (cv, docs, etc) and i would like to be sure no one can access it, even as root.
View 3 Replies
View Related
Dec 23, 2010
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
View 1 Replies
View Related
Dec 24, 2010
I m facing a problem regarding with postfix, when the user try to send a mail to anyone on the system it loopback to itself i
This is my main.cf file:
View 115 Replies
View Related
