On Fri 29 Jul 2022 at 19:19:43 (+0100), Piscium wrote:
> When using netinst iso to install Debian, one is offered the
> possibility of guided install with encrypted LVM. if such a choice is
> made the installer fills the partition with random data. That is
> generally the correct thing to do but in some cases that is not needed
> or desired and it is an inconvenience. Is there a way to disable that?

People with more experience of preseeding might comment on
whether this suggestion would work. I notice that this option
is available, which might be what you want:

# When disk encryption is enabled, skip wiping the partitions beforehand.¹
#d-i partman-auto-crypto/erase_disks boolean false

You might wish to combine this with:

"Boot parameters can also be used if you do not really want
 to use preseeding, but just want to provide an answer for
 a specific question. Some examples where this can be useful
 are documented elsewhere in this manual."²

PS: Marco's suggestion is officially sanctioned:

  ┌──────────┤ Erasing data on SCSI1 (0,0,0), partition #5 (sda) ├──────────┐   
  │                                                                         │   
  │                                  100%                                   │   
  │                                                                         │   
  │ The installer is now overwriting SCSI1 (0,0,0), partition #5 (sda)      │   
  │ with random data to prevent meta-information leaks from the encrypted   │   
  │ volume. This step may be skipped by cancelling this action, albeit at   │   
  │ the expense of a slight reduction of the quality of the encryption.     │   
  │     <Cancel>                                                            │   
  │                                                                         │   
  └─────────────────────────────────────────────────────────────────────────┘   

I presume the quality reduction is in the hiding of metadata,
eg, being able to see the highwatermark of data quantity written,
rather than in the encryption of the actual data.

¹ halfway down
https://www.debian.org/releases/bullseye/example-preseed.txt

² § B.2.2 of
https://www.debian.org/releases/stable/amd64/apbs02.en.html

Cheers,
David.

Reply via email to