Bug#517471: ability to configure the random key encryption of tmp partitions during installaion

2009-03-13 Thread M. McGowan
Sorry, I sent this to the wrong address.

---

On 3/1/09, M. McGowan m.mcgowan...@googlemail.com wrote:
 On 2/28/09, Max Vozeler x...@debian.org wrote:
 reassign 517471 partman-crypto
 thanks

 On Fri, Feb 27, 2009 at 06:25:23PM -0500, M. McGowan wrote:
 It is possible to encrypt loop-aes and dm-crypt tmp (like /tmp or
 /var/tmp) partitions with a random key at boot time, but the Debian
 installer will not configure this. The installer will only configure
 swap partitions like that.

 Have you tried configuring the partition with a
 random key, and then setting Use as of the encrypted
 partition to e.g. ext2 ?

 The installer should take care of setting the fstab/
 crypttab flags as appropriate for tmp.

 If that doesn't work, it would indicate a bug we need
 to fix in partman-crypto. It is supposed to work for
 both loop-AES and dm-crypt.

  Max

 For dm-crypt, I get an error that says, You have chosen a random key
 type for SCSI2 (0,0,0), partition #6 (sdb) but requested the
 partitioner to create a file system on it.

 Using a random key type means that the partition data is going to be
 destroyed upon each reboot. This should only be used for swap
 partitions.

 Are you sure you want to use a random key?

 Loop-aes gives me the usual, The kernel was unable to re-read the
 partition table on /dev/loop0 (Invalid argument). This means Linux
 won't know anything about the modifications you made until you reboot.
 You should reboot your computer before doing anything with
 /dev/loop0.




-- 
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#517471: ability to configure the random key encryption of tmp partitions during installaion

2009-02-28 Thread M. McGowan
  On 2/27/09, M. McGowan m.mcgowan...@googlemail.com wrote:
  package: debian-installer
  severity: wishlist
 version: 20090123

Sorry about the spelling error in the subject, installaion should be
installation.






Bug#517563: After installing grub to /dev/sdb with root filesystem on /dev/sdb, grub attempts to load root filesystem from /dev/sda

2009-02-28 Thread M. McGowan
package: debian-installer
version: 20090123

After installing grub to /dev/sdb with the root filesystem on
/dev/sdb, grub attempts to load the root filesystem from /dev/sda.

Apparently, grub thinks whichever hard drive it is loading from is the
first hard drive, even if Linux thinks it is the second.

Workaround: Manually modify grub's menu.lst

There will be a line that says something like root (hd1,4). Change
the first number to zero, so that example should be changed to root
(hd0,4).






Bug#517565: After new Debian installation, boot loader attempts to load root filesystem before usb hard drive has been found

2009-02-28 Thread M. McGowan
package: debian-installer
version: 20090123

After a new installation of Debian, the boot loader attempted to load
the root filesystem before the usb hard drive containing the root
filesystem had been found.

Workaround:
Manually edit grub's menu.lst. There is a line starting with kernel.
Add rootdelay=20 to the end of the line. A different number besides
20 may be used depending on how slow the usb hard drive is.

This problem was only noticed after solving the problem of grub trying
to load the root partition from the wrong drive.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517563






Bug#517471: ability to configure the random key encryption of tmp partitions during installaion

2009-02-27 Thread M. McGowan
package: debian-installer
severity: wishlist

It is possible to encrypt loop-aes and dm-crypt tmp (like /tmp or
/var/tmp) partitions with a random key at boot time, but the Debian
installer will not configure this. The installer will only configure
swap partitions like that.

Creating a random key at each boot is more secure than using the same
one, since then data will be securely deleted when the key is deleted,
which normally happens at shutdown. (For exceptions, read about cold
boot attacks.) Random keys also spare the user the trouble of having
to type a password at each boot and worrying about the security of the
key and the password.

A possible workaround is to configure the would-be tmp partitions as
swap partitions during the installation process, and manually
configure them to be tmp partitions after the first boot of the new
Debian system.


An fstab entry for a loop-aes encrypted swap partition, with a new
random key at each boot, looks like this.
/dev/sda6   none   swap   sw,loop=/dev/loop0,encryption=serpent256   0   0

An fstab entry for a loop-aes encrypted tmp partition, with a new
random key at each boot, looks like this.
/dev/sda7   /tmp   ext2   defaults,loop=/dev/loop1,encryption=serpent256,phash=random/1777   0   0

More detailed documentation about loop-aes can be found in the losetup
manual page.


Similar functionality is available for dm-crypt.

A crypttab entry for a dm-crypt encrypted swap partition, with a new
random key at each boot, looks like this.
sda6_crypt /dev/sda6 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,swap

Here is the fstab entry.
/dev/mapper/sda6_crypt   none   swap   sw   0   0

A crypttab entry for a dm-crypt encrypted tmp partition, with a new
random key at each boot, looks like this.
sda7_crypt /dev/sda7 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,tmp=ext2

Here is the fstab entry.
/dev/mapper/sda7_crypt   /tmp   ext2   defaults   0   0

More detailed information about dm-crypt can be found in the manual
pages cryptsetup and crypttab.


Personally, I prefer to use loop-aes for this application for the
following reasons:
* It has a multi-key mode in which it uses 64 keys plus an additional
65th key, which makes it more secure.
* It seems to be faster during boot time. Dm-crypt seems to take a
long time creating the ext2 partitions.
* dm-crypt might be more supported by Linux, but it is just a tmp
partition, so if a kernel upgrade breaks loop-aes, there will be no
data loss.
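
An added example, not part of the original message and not partman-crypto code: a small consistency check for random-key dm-crypt entries of the kind shown above, verifying that each one carries a swap or tmp option and that crypttab and fstab agree on the mapping name and filesystem type. The function names and the sample input are constructed for illustration.

```python
RANDOM_KEYS = {"/dev/random", "/dev/urandom"}

# Constructed sample input modelled on the entries in the message above,
# with deliberate mistakes for the checker to find.
CRYPTTAB = """\
sda6_swap  /dev/sda6 /dev/random  cipher=serpent-cbc-essiv:sha256,size=256,swap
sda7_crypt /dev/sda7 /dev/random  cipher=serpent-cbc-essiv:sha256,size=256,tmp=ext2
sda8_crypt /dev/sda8 /dev/urandom cipher=serpent-cbc-essiv:sha256,size=256
"""
FSTAB = """\
/dev/mapper/sda6_crypt none swap sw       0 0
/dev/mapper/sda7_crypt /tmp ext4 defaults 0 0
"""

def rows(text, n):
    """Yield whitespace-split fields of non-comment lines, padded to n fields."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields + [""] * (n - len(fields))

def audit(crypttab, fstab):
    """Return a list of findings for random-key mappings."""
    findings, names = [], set()
    # mapper name -> filesystem type that fstab expects to mount
    mounts = {dev[len("/dev/mapper/"):]: fstype
              for dev, _mnt, fstype, *_ in rows(fstab, 6)
              if dev.startswith("/dev/mapper/")}
    for name, _dev, key, optstr, *_ in rows(crypttab, 4):
        names.add(name)
        if key not in RANDOM_KEYS:
            continue  # persistent key: outside the scope of this check
        opts = dict(o.partition("=")[::2] for o in optstr.split(","))
        if "swap" in opts:
            want = "swap"
        elif "tmp" in opts:
            want = opts["tmp"]  # empty string when no type is given
        else:
            findings.append(f"{name}: random key but no swap/tmp option, "
                            "so no filesystem is recreated at boot")
            continue
        if name not in mounts:
            findings.append(f"{name}: no /dev/mapper/{name} entry in fstab")
        elif want and mounts[name] != want:
            findings.append(f"{name}: crypttab recreates {want}, "
                            f"fstab mounts {mounts[name]}")
    for name in sorted(set(mounts) - names):
        findings.append(f"{name}: fstab uses /dev/mapper/{name} "
                        "but crypttab does not define it")
    return findings
```

Calling `audit(CRYPTTAB, FSTAB)` on the constructed sample reports four findings; a crypttab/fstab pair whose names and types agree yields an empty list.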






Bug#517138: Difficulties after pressing Ctrl+Alt+F2 to enter console after selecting a graphical install

2009-02-25 Thread M. McGowan
package: debian-installer
version: 20090123

When I select a graphical install, regular or expert, and press
Ctrl+Alt+F2, at first things appear fine. However, when I press
Ctrl+Alt+F1 to re-enter the graphical install, the graphical
installation is no longer visible, and instead there are lines of text
on a black background. If I had entered the console after completing
the first installation step, then I can press Ctrl+C, in which case
the present installation step will be aborted and I can start it
again.

However, if I had entered the console during the first installation
step, then after pressing Ctrl+Alt+F1 and then Ctrl+C, the install
hangs with error messages interrupted by subliminal flashing of the
first installation step, and the system must be rebooted.

I have been able to reproduce these bugs.

I was trying to install Debian Lenny.


