Re: d-i beta3, raid, loop-aes and lvm
Hi Philipp,

On Thu, Oct 05, 2006 at 01:27:41AM +0200, Philipp Engel wrote:
> On 03.10.2006 at 15:32, David Härdeman wrote:
> > On Tue, October 3, 2006 15:16, Philipp Engel said:
> > > Is that a bug, or is it just not possible?
> >
> > If memory serves me right, the loop-AES utils do not have support (yet) for automatically setting up the LVM volume after the encrypted module has been set up. In addition the loop-AES tools lack the initramfs integration to do the work (in the initramfs) for setting up the root partition.
>
> Max talks about only having to tell partman-lvm that it may consider loop devices as valid backing devices. Your description of the solution in contrast sounds far more time consuming and difficult...:) So, can you tell me what's to do?

It is probably both. :-) David correctly points out that there is no special handling for LVM on loop-AES devices in the installed system. This could mean that LVM setup happens before there is a chance to set up loop-AES. The change to partman-lvm is probably required for partman-crypto to actually offer this kind of setup, regardless of whether it would work or not. I have little idea what's actually missing though as I have never tried.

About what can be done: In case you decide to build such a setup manually, you could take notes of the steps that were required to get a working setup and all problems you encountered; I think such notes would be extremely useful for documentation on the wiki or so, but even more because they would tell us exactly what needs to be done in order to add support for it to partman-crypto and the loop-aes init scripts.

> I have checked out the source code of the debian installer and am currently reading the documentation, which is a good amount of text. I will see if I can manage to create my own boot disk, that will be an adventure already :)

Good luck. Feel welcome to ask any questions on this list (or off-list if they concern only loop-AES in the installed system).

cheers,
Max

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: d-i beta3, raid, loop-aes and lvm
Hello David and Max,

thank you for your replies.

On 03.10.2006 at 15:32, David Härdeman wrote:
> On Tue, October 3, 2006 15:16, Philipp Engel said:
> > Is that a bug, or is it just not possible?
>
> If memory serves me right, the loop-AES utils do not have support (yet) for automatically setting up the LVM volume after the encrypted module has been set up. In addition the loop-AES tools lack the initramfs integration to do the work (in the initramfs) for setting up the root partition.

Max talks about only having to tell partman-lvm that it may consider loop devices as valid backing devices. Your description of the solution in contrast sounds far more time consuming and difficult...:) So, can you tell me what's to do?

I have checked out the source code of the debian installer and am currently reading the documentation, which is a good amount of text. I will see if I can manage to create my own boot disk, that will be an adventure already :)

> For now, your alternatives are to use dm-crypt or to implement the missing pieces in the loop-AES packages.

I installed using dm-crypt now, but I really would like to try loop-aes. I hope I will find the time to take a look at partman-crypto :)

Philipp

--
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin
http://www.filzip.com

d-i beta3, raid, loop-aes and lvm
Hello,

I want to encrypt my whole Debian installation (/, swap, everything) using loop-aes. Also, I want a software-raid1 for data security. As I will have at least a root and a home partition, I wanted to try the following using partman during the installation.

Create a raid-device, then, create a loop-aes loopback-device on top of that. And finally, use LVM on top of that to create some logical volumes.

I nest the LVM stuff in the encrypted device so that I only have to enter the password once during the boot process.

Sadly, this does not work. I can create the raid and loop-device on top, but then the installer does not allow me to put lvm into it, but only one normal partition (e.g. ext3).

I'm using the etch netinst cd downloaded some days ago, on an i386 platform.

A friend of mine succeeded trying this using dm-crypt instead of loop-aes.

Is that a bug, or is it just not possible?

Philipp

Re: d-i beta3, raid, loop-aes and lvm
Hi Philipp,

On Tue, Oct 03, 2006 at 03:16:49PM +0200, Philipp Engel wrote:
> I nest the LVM stuff in the encrypted device so that I only have to enter the password once during the boot process.
>
> Sadly, this does not work. I can create the raid and loop-device on top, but then the installer does not allow me to put lvm into it, but only one normal partition (e.g. ext3).

Yes, that is a known limitation. Although there are no fundamental reasons why LVM-on-loop-AES should not work, partman-lvm currently does not consider /dev/loop* valid backing devices for LVM and so won't offer the Use for LVM option. This should be relatively easy to fix, but I haven't managed to find time for it yet, unfortunately.

> A friend of mine succeeded trying this using dm-crypt instead of loop-aes.

partman-lvm knows about dm-crypt encrypted devices and explicitly allows them to be used for LVM.

cheers,
Max

Re: d-i beta3, raid, loop-aes and lvm
On Tue, October 3, 2006 15:16, Philipp Engel said:
> Create a raid-device, then, create a loop-aes loopback-device on top of that. And finally, use LVM on top of that to create some logical volumes.
...
> Is that a bug, or is it just not possible?

If memory serves me right, the loop-AES utils do not have support (yet) for automatically setting up the LVM volume after the encrypted module has been set up. In addition the loop-AES tools lack the initramfs integration to do the work (in the initramfs) for setting up the root partition. Therefore, lvm and/or root on LVM is disabled in partman-crypto since you'd be left with an unbootable system.

For now, your alternatives are to use dm-crypt or to implement the missing pieces in the loop-AES packages.

--
David Härdeman