Re: disk encryption
On Fri, Jan 15, 2016 at 1:52 AM, Chris Murphy wrote: > Slightly off topic: Android and Cyanogenmod have an encryption option, it > converts the user data volume in place, and its reversible. > > Does anyone know what they're leveraging to do this? If it were only in > Google's Android I might guess it's one of those proprietary parts, but it's > definitely in Cyanogenmod also. Seems like that could be leveraged, not in > the O.P.'S case, but by desktop Linux. > > Kind annoying this is an install option only right now. Well look at that, looks like a new LUKS format is in our future. And so is live conversion. https://devconfcz2016.sched.org/event/5nsA/the-future-of-disk-encryption-with-luks2 -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
On 01/15/2016 11:52 AM, Roberto Ragusa wrote: On 01/15/2016 04:58 PM, Robert Nichols wrote: 3. Copy the decrypted data directly back to the partition at the correct offset (4096 sectors assumed here): dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 4. Adjust the partition table to add 4096 sectors to the starting LBA for sda1 without moving the ending LBA. You are decrypting in place and then moving forward the beginning of the partition to skip over the missing luks header (which you then clean in step 5). OOPS!! There is a nasty mistake on my part there. Zeroing out the first two megabytes _after_ adjusting the partition table would wipe out the first two megabytes of the filesystem. Steps 4 and 5 have to be reversed: 1. Determine the size of the LUKS header. (I'll use /dev/sda1 as the encrypted partition -- yours may differ.) cryptsetup luksDump /dev/sda1 | grep "Payload offset" That offset is the number of 512-byte sectors, probably 4096. If different, replace "4096" with the correct number in everything that follows. 2. Unlock the partition: cryptsetup luksOpen /dev/sda1 mysource 3. Copy the decrypted data directly back to the partition at the correct offset (4096 sectors assumed here): dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 4. Zero out the LUKS header: dd if=/dev/zero bs=$((4096*512)) count=1 of=/dev/sda1 5. Adjust the partition table to add 4096 sectors to the starting LBA for sda1 without moving the ending LBA. 6. Make adjustments to /etc/fstab and any GRUB references to the formerly encrypted partition. 7. Say a prayer and boot your system. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
> On 01/14/2016 06:40 PM, Jeffrey Ross wrote: >> I installed Fedora 23 on a Laptop a while back and I decided to use disk >> encryption. At this point I find the disk encryption to be more of a >> hindrance and would like to remove it. >> >> Am I correct that it may simply be easier to re-install the system >> rather than try to remove the encryption or is there an easy way to >> remove it? > > You're not saying if you encrypted the whole system or no. > > To remove the encryption, you'll need to reformat any encrypted > partitions, which means moving your data somewhere else. > > Now, if you only encrypted the /home partition and had enough space on > other partitions, you could move the data away, reformat the partition > /home is situated, and move the data back. > > In general you'll have to reinstall. can't look at the system at the moment to know what filesystem type I used, I probably used xfs and I did encrypt all volumes as I think that was the default when I chose filesystem encryption at install time. filesystems are (from memory) /boot, /, /home so maybe luksipc may or may not be an option. Based upon the responses and how little I've actually done on the system it may simply be easier to just do a re-install. Thanks Jeff -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
On 01/15/2016 04:58 PM, Robert Nichols wrote: > 3. Copy the decrypted data directly back to the partition at the >correct offset (4096 sectors assumed here): > dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 > 4. Adjust the partition table to add 4096 sectors to the starting >LBA for sda1 without moving the ending LBA. You are decrypting in place and then moving forward the beginning of the partition to skip over the missing luks header (which you then clean in step 5). Wouldn't be better to decrypt while shifting everything back and then (eventually) resize the filesystem to gain the extra space at the end of the partition? The final partition layout would be certainly cleaner and the process is simpler (remove "seek=1" and skip step 4 and step 5) (but I agree that your approach is easier to revert) Regards. -- Roberto Ragusamail at robertoragusa.it -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
On 01/14/2016 08:40 PM, Jeffrey Ross wrote: I installed Fedora 23 on a Laptop a while back and I decided to use disk encryption. At this point I find the disk encryption to be more of a hindrance and would like to remove it. Am I correct that it may simply be easier to re-install the system rather than try to remove the encryption or is there an easy way to remove it? It can be done, but you'd damned well better have a good backup since any mistake or glitch will probably be fatal. 1. Determine the size of the LUKS header. (I'll use /dev/sda1 as the encrypted partition -- yours may differ.) cryptsetup luksDump /dev/sda1 | grep "Payload offset" That offset is the number of 512-byte sectors, probably 4096. If different, replace "4096" with the correct number in everything that follows. 2. Unlock the partition: cryptsetup luksOpen /dev/sda1 mysource 3. Copy the decrypted data directly back to the partition at the correct offset (4096 sectors assumed here): dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 4. Adjust the partition table to add 4096 sectors to the starting LBA for sda1 without moving the ending LBA. 5. Zero out the LUKS header: dd if=/dev/zero bs=$((4096*512)) count=1 of=/dev/sda1 6. Make adjustments to /etc/fstab and any GRUB references to the formerly encrypted partition. 7. Say a prayer and boot your system. Oh yes, it's absolute necessary to do this from some recovery media with the partition unmounted. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
Slightly off topic: Android and Cyanogenmod have an encryption option, it converts the user data volume in place, and its reversible. Does anyone know what they're leveraging to do this? If it were only in Google's Android I might guess it's one of those proprietary parts, but it's definitely in Cyanogenmod also. Seems like that could be leveraged, not in the O.P.'S case, but by desktop Linux. Kind annoying this is an install option only right now. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
I think you can get rid of disk encryption using luksipc. Here is what I did when I had to do the reverse process: https://lists.fedoraproject.org/pipermail/users/2015-December/467195.html Not completely sure it will help, but I think luksipc should have the potential to work. Best wishes, Ranjan On Thu, 14 Jan 2016 21:40:56 -0500 Jeffrey Ross wrote: > I installed Fedora 23 on a Laptop a while back and I decided to use disk > encryption. At this point I find the disk encryption to be more of a > hindrance and would like to remove it. > > Am I correct that it may simply be easier to re-install the system > rather than try to remove the encryption or is there an easy way to > remove it? > > Thanks, Jeff > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk encryption
On 01/14/2016 06:40 PM, Jeffrey Ross wrote: I installed Fedora 23 on a Laptop a while back and I decided to use disk encryption. At this point I find the disk encryption to be more of a hindrance and would like to remove it. Am I correct that it may simply be easier to re-install the system rather than try to remove the encryption or is there an easy way to remove it? You're not saying if you encrypted the whole system or no. To remove the encryption, you'll need to reformat any encrypted partitions, which means moving your data somewhere else. Now, if you only encrypted the /home partition and had enough space on other partitions, you could move the data away, reformat the partition /home is situated, and move the data back. In general you'll have to reinstall. -- Susi Lehtola Fedora Project Contributor jussileht...@fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org