On Fri 29 Jul 2022 at 19:19:43 (+0100), Piscium wrote: > When using netinst iso to install Debian, one is offered the > possibility of guided install with encrypted LVM. if such a choice is > made the installer fills the partition with random data. That is > generally the correct thing to do but in some cases that is not needed > or desired and it is an inconvenience. Is there a way to disable that?
People with more experience of preseeding might comment on whether this suggestion would work. I notice that this option is available, which might be what you want: # When disk encryption is enabled, skip wiping the partitions beforehand.¹ #d-i partman-auto-crypto/erase_disks boolean false You might wish to combine this with: "Boot parameters can also be used if you do not really want to use preseeding, but just want to provide an answer for a specific question. Some examples where this can be useful are documented elsewhere in this manual."² PS: Marco's suggestion is officially sanctioned: ┌──────────┤ Erasing data on SCSI1 (0,0,0), partition #5 (sda) ├──────────┐ │ │ │ 100% │ │ │ │ The installer is now overwriting SCSI1 (0,0,0), partition #5 (sda) │ │ with random data to prevent meta-information leaks from the encrypted │ │ volume. This step may be skipped by cancelling this action, albeit at │ │ the expense of a slight reduction of the quality of the encryption. │ │ <Cancel> │ │ │ └─────────────────────────────────────────────────────────────────────────┘ I presume the quality reduction is in the hiding of metadata, eg, being able to see the highwatermark of data quantity written, rather than in the encryption of the actual data. ¹ halfway down https://www.debian.org/releases/bullseye/example-preseed.txt ² § B.2.2 of https://www.debian.org/releases/stable/amd64/apbs02.en.html Cheers, David.
