I've just finished a similar installation with the Lenny beta 2 installer (encrypted lvm on bootable usb flash drive)
re Problem 1: I was able to delete the swap partition with your advise: deleting both partitions, then the volumes, then making one volume. Kinda cumbersome ... I guess it would be nice if there was a prompt about swap vs. no swap, but it's also nice not to bother most people with it. re Problem 2: this time I didn't dd my drive ahead of time, I just let the installer do its thing :P re Problem 3: STILL A BIG PROBLEM. Here are the boot messages: Uncompressing Linux... Ok, booting the kernel. Loading, please wait... Volume group "socrates" not found Setting up cryptographic volume sda2_crypt (based on /dev/sda2) cryptsetup: Source device /dev/sda2 not found [... wait about 5 seconds ...] sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] Assuming drive cache: write through [... forehead -> desk ...] [... wait about a minute, then it drops to busybox because the /dev/mapper/socrates-root_vol does not exist ...] so, it looks like I will have to manually reroll the initramfs again. If you want me to test again with a later version, I'll try and figure out a way to do that :) ~David. On Monday 28 July 2008 9:50 am, Jérémy Bobbio wrote: > On Sun, Jul 06, 2008 at 01:21:00PM -0700, David L. Emerson wrote: > > Image version: debian-40r3-i386-netinst.iso > > […] > > > > This computer supports booting from USB, so I decided to install debian > > on a USB Flash drive. I wanted an encrypted root partition. > > > > PROBLEM 1. I first tried the "automatic" encrypted LVM setup. It > > insisted upon making a swap partition, and I was unable to delete that > > partition. Of course I don't want a swap partition on a flash based > > drive. I ultimately had to back up several steps and do a manual setup. > > The automatic encrypted LVM setup create the swap partition as a Logical > Volume. The easiest (but not obvious) way to get rid of it would have > been to: > * go to "Configure the Logical Volume Manager", > * remove both Logical Volumes (swap_1 and root), > * create a new Logical Volume (root), > * apply those changes, > * configure the newly created Logical Volume (root) as / > > We could probably manage to detect that we are partitioning a Solid > State Device, and skip the creation of a swap partition, but this would > require a fair amount of changes in partman. I doubt anyone will be > working on that in the d-i team, but patches are more than welcome. > > > PROBLEM 2. Before I started the install, I used dd if=/dev/urandom > > of=/dev/sda to write random data to the drive, which makes cracking an > > encrypted partition/drive much more difficult. However, the debian > > installer insisted on writing (zeros?) to the to-be-encrypted partition > > before formatting. This was very time consuming, wasteful/redundant, > > and perhaps a security liability as well. In fact, the installer did > > this several times due to problem 1 ;) > > I should be able to skip that writing since I already did it myself. > > The installer is not writing zeros. It is actually doing a similar > process than the one you did by yourself! :) > > It can be avoided though when using manual partitioning, by switching > "Erase data" to "no" while configuring the partition used as "physical > volume for encryption". > > > PROBLEM 3. System would not boot!! ..... > > > > It brought up the grub menu just fine, and began loading the kernel and > > initramfs. The problem occured when it tried to configure lvm > > (/usr/share/initramfs-tools/scripts/local-top/lvm) -- the kernel had > > not yet detected the presence of the USB Flash drive! Thus the call to > > activate_vg "$ROOT" was doomed to failure, since udev had not yet > > discovered the root device. A few seconds after the failure messages, > > udev discovered the device -- udev had "settled" before running > > local-top, but the USB event came later. > > […] > > AFAIK, a lot of related issues have been fixed for Lenny. If you could > give it a try, it would be great. > > Cheers, > -- > Jérémy Bobbio .''`. > [EMAIL PROTECTED] : :Ⓐ : # apt-get install anarchism > `. `'` > `- > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]