Cifratura di un disco in Ubuntu: Difference between revisions
m New page: ==Installazione da zero== * Viene fatto tutto da menù. ==Conversione== * Fare un tar di tutto * Configurare lvm * Configurare cryptsetup su lvm * Creare cryptroot con questo nome * Crear... |
mNo edit summary |
||
| Line 11: | Line 11: | ||
* Modificare /etc/fstab | * Modificare /etc/fstab | ||
* Reinstallare grub2 | * Reinstallare grub2 | ||
* Aggiungere | |||
/etc/default/grub | * Creare la crypttab per fare in modoc he venga richiesto al boot di aprire tutti i dispositivi: | ||
sudoedit /etc/crypttab | |||
<pre> | |||
# <target name> <source device> <key file> <options> | |||
cryptroot /dev/mapper/vg0-lv0 none luks | |||
crypthome /dev/mapper/vg0-lv1 none luks | |||
cryptswap /dev/mapper/vg0-lv2 none luks | |||
</pre> | |||
* Aggiungere la specifica di come montare la cyptroot come paraemtro del kernel | |||
sudoedit /etc/default/grub | |||
GRUB_CMDLINE_LINUX="splash cryptopts=source=/dev/mapper/vg0-lv0,target=cryptroot" | GRUB_CMDLINE_LINUX="splash cryptopts=source=/dev/mapper/vg0-lv0,target=cryptroot" | ||
sudo update-grub | |||
sudo update-initramfs -u -k all | |||
* Per i formati vedi *[http://www.debian-administration.org/articles/428#comment_3 System encryption on Debian Etch] | |||
''I am currently using everything in my message... posting from a computer with everything except /boot encrypted.'' | |||
''The swap partition is set up with a random key. I am pretty sure the luks and swap options probably don't work together, but the swap by itself works fine.'' | |||
''As for initramfs-tools, to autoconfigure it also needs the partitons to be mounted. On the other hand, you can pass all the options on the kernel command line in grub.'' | |||
root=/dev/mapper/zeuslvm-root | |||
cryptops="target=cryptroot,source=/dev/sda4,lvm=zeuslvm-root " | |||
''then this is used instead of whatever the mkinitramfs script found, so could be used the first time you boot before mkinitramfs can run correctly.'' | |||
''The lvm option tells the initramfs script to test the partiton created by the cryptmap for lvm, and if so configure it... the root= option then uses the lvm partition found. If you didn't have lvm, you could just use something like (I haven't tested this, but it should work)'' | |||
root=/dev/mapper/cryptroot | |||
cryptops="target=cryptroot,source=/dev/sda4" | |||
''As for the installer, what I did is created a 2G swap partition, and installed debian (basic) into the swap partition. I then created the crypt partition and set up lvm and everything, and then used debootstrap to install. After it was installed and booting, I tured the swap partiton back into a swap partiton.'' | |||
==Riferimenti== | ==Riferimenti== | ||
*[http://www.markus-gattol.name/ws/dm-crypt_luks.html Full-disk Encryption] | *[http://www.markus-gattol.name/ws/dm-crypt_luks.html Full-disk Encryption] | ||
Revision as of 00:46, 16 October 2011
Installazione da zero
- Viene fatto tutto da menù.
Conversione
- Fare un tar di tutto
- Configurare lvm
- Configurare cryptsetup su lvm
- Creare cryptroot con questo nome
- Creare crypthome con questo nome
- Creare crytswap con questo nome
- Modificare /etc/fstab
- Reinstallare grub2
- Creare la crypttab per fare in modoc he venga richiesto al boot di aprire tutti i dispositivi:
sudoedit /etc/crypttab
# <target name> <source device> <key file> <options> cryptroot /dev/mapper/vg0-lv0 none luks crypthome /dev/mapper/vg0-lv1 none luks cryptswap /dev/mapper/vg0-lv2 none luks
- Aggiungere la specifica di come montare la cyptroot come paraemtro del kernel
sudoedit /etc/default/grub
GRUB_CMDLINE_LINUX="splash cryptopts=source=/dev/mapper/vg0-lv0,target=cryptroot"
sudo update-grub sudo update-initramfs -u -k all
- Per i formati vedi *System encryption on Debian Etch
I am currently using everything in my message... posting from a computer with everything except /boot encrypted.
The swap partition is set up with a random key. I am pretty sure the luks and swap options probably don't work together, but the swap by itself works fine.
As for initramfs-tools, to autoconfigure it also needs the partitons to be mounted. On the other hand, you can pass all the options on the kernel command line in grub.
root=/dev/mapper/zeuslvm-root cryptops="target=cryptroot,source=/dev/sda4,lvm=zeuslvm-root "
then this is used instead of whatever the mkinitramfs script found, so could be used the first time you boot before mkinitramfs can run correctly.
The lvm option tells the initramfs script to test the partiton created by the cryptmap for lvm, and if so configure it... the root= option then uses the lvm partition found. If you didn't have lvm, you could just use something like (I haven't tested this, but it should work)
root=/dev/mapper/cryptroot cryptops="target=cryptroot,source=/dev/sda4"
As for the installer, what I did is created a 2G swap partition, and installed debian (basic) into the swap partition. I then created the crypt partition and set up lvm and everything, and then used debootstrap to install. After it was installed and booting, I tured the swap partiton back into a swap partiton.
Riferimenti
- Full-disk Encryption
- Logical Volume Manager
- cryptsetup - Setup virtual encryption devices under dm-crypt Linux - Google Project Hosting
- Installing Ubuntu 10.10 with full disk encryption «
- Gentoo Blog » Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon
- Howto: Completly encrypted harddisk including the suspend to disk partition with Ubuntu 6.10 Edgy Eft
- How-To: encrypted partitions over LVM with LUKS | Debian/Ubuntu Tips & Tricks
- How To Migrate to a full encrypted LVM system
- Encrypted Root LVM | HowtoForge - Linux Howtos and Tutorials
- StalkR's Blog: Ubuntu 10.10->11.04 encrypted LVM fail, rebuilding initramfs, rdinit
- Resizing Encrypted Filesystems
- Resizing a dm-crypt / LVM / ext3 partition | Uwe Hermann
- Jootamam - Howto: Basic cryptsetup