I'm wishing to use Debian-Installer to create a Debian (testing)
installation with a full disk encryption scheme where the root partition
is a file system directly atop the dm-crypt device.

As it stands, it appears the installer requires you to create a
partition table on the Encrypted Volumes and does not allow using the
entire device alone. I believe this feature was available in the past,
though I could be mis-recalling. Either way, I was able to do this in
the past and I'm pretty sure I haven't forgotten anything about what I
did. I'm thinking recent changes to partman-lvm (as you cannot use
crypto with guided partitioning without LVM) might have made this
feature go away, but I have no specifics to point at (though I'd start
with some of the loop device based logic, given a perusal of the bug
reports).

Anyway, even if I cannot achieve these results with partman, I'm
wondering if I can do this all manually via the CLI and effectively
bypass the partman part of the process (rather than creating my own
.udeb to do the work for me). I believe all I need to do is:

1) Set up encryption and file systems to my liking.
2) Mount the file system hierarchy under /target.
3) Create /target/etc/fstab and /target/etc/crypttab.
4) Kick off the regular bits after partman.

Is the above correct? Is step #4 as simple as choosing the next step
from main-menu?

On a related note, I believe the partman-crypto part of the partitioner
should allow for selecting 512-bit key sizes, as the default cipher
(aes-xts-plain64) effectively halves the chosen key size. This ought to
be a straightforward patch.

Thanks,
--
Nate
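
The two files from step 3 for a root file system directly on the dm-crypt mapping, together with the key-size arithmetic behind the aes-xts-plain64 remark, as an added example that is not part of the original post. It assumes a LUKS container; the mapping name `root_crypt`, the UUID and the ext4 choice are constructed sample values.

```shell
#!/bin/sh
# Added example. All names and UUIDs below are constructed sample values.

# XTS splits the key into two halves (data key + tweak key), so the AES
# strength is half the dm-crypt key size: 256 -> AES-128, 512 -> AES-256.
# Only the two sizes defined for XTS-AES are handled here.
xts_aes_bits() {
    case "$1" in
        256|512) echo $(( $1 / 2 )) ;;
        *) echo "unhandled aes-xts key size: $1" >&2; return 1 ;;
    esac
}

# crypttab(5) fields: <target> <source device> <key file> <options>
render_crypttab() {  # $1 = mapping name, $2 = UUID of the LUKS container
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# fstab(5) fields: <file system> <mount point> <type> <options> <dump> <pass>
# The root file system sits directly on the mapping: no LVM, no inner
# partition table.
render_fstab() {     # $1 = mapping name, $2 = file system type
    case "$2" in
        ext4) opts=errors=remount-ro ;;
        *)    opts=defaults ;;
    esac
    printf '/dev/mapper/%s / %s %s 0 1\n' "$1" "$2" "$opts"
}

# Write both files under a target root (/target in the installer).
write_target_files() {  # $1 = root dir, $2 = mapping, $3 = LUKS UUID, $4 = fs type
    mkdir -p "$1/etc" || return 1
    render_crypttab "$2" "$3" > "$1/etc/crypttab" || return 1
    render_fstab "$2" "$4" > "$1/etc/fstab"
}

# Demo: a temporary directory stands in for /target.
demo_root=$(mktemp -d)
write_target_files "$demo_root" root_crypt \
    11111111-2222-3333-4444-555555555555 ext4
cat "$demo_root/etc/crypttab" "$demo_root/etc/fstab"
echo "512-bit aes-xts key -> AES-$(xts_aes_bits 512)"
rm -rf "$demo_root"
```
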