encrypted installation with unencrypted kernel and bootloader on USB flash drive
Hi,
I posted this on askubuntu, but it's not getting any attention.
I am really excited to get into Linux (Ubuntu or Debian or Mint), but I want to encrypt my data and can't find out how to do it the way I want it done, if it's even possible.
Copy-and-paste is below.
--
I have searched a lot.
The manual partitioning in the Ubuntu install is so confusing to me. I am new to Linux.
I come from a Truecrypt-full-disk-encrypted Windows installation and I boot from CD every time, which uses the bootloader on CD.
I understand that when I install Ubuntu I can encrypt the installation hard drive, but I can choose to install bootloader and kernel (and leave them unencrypted) on a USB flash drive for maximum security.
I just can't figure out all the options. LVM volume, encrypted volume... I am so confused.
Is my scenario possible and is there already a guide out there to achieve it?
I tried manual partitioning and choosing the USB flash drive partition as "mounts in /boot", but it never boots when I try to boot from that USB. I am doing something wrong.
--
When you install, have your flash drive connected and set that as a new filesystem, to be mounted on /boot. If you have multiple partitions that need to be encrypted, I recommend you store keyfiles for them on the root file system (so you can avoid LVM). For swap, if you need it, you can use a random password, or just use a swapfile.
Edit: Sorry, I missed your last sentence. Really tired. I'll come back tomorrow.
(Assuming your hard drive is /dev/sda and flash drive is /dev/sdb)
Does the installer say it's installing grub to /dev/sdb? Is your BIOS giving an error message saying no boot disk found? Make sure, in the installer, that the filesystem you're creating by boot is on a partition that's marked as bootable.
Check the Live CD you have. Many have an option "boot from Hard drive". If so, you should be able to set the computer to boot from the CD, then select that option. It normally points to the first partition on the first drive so that is where you need your boot files on the installation.
You would need to create a /boot partition on the flash drive and format it. Have you done that? You need to install Grub to the MBR of the flash. The link below explains creating a separate boot partition on Ubuntu 'after the install'.
Then, here is a video.
Around 1:22 is when it starts showing boot partition installation. But don't let me stop you from enjoying the thing from the beginning. https://www.dropbox.com/s/kou6iay9ba...730_231004.mp4
After reboot, I just get a white blinking cursor on a black screen.
I know the USB flash drive works, because using Pendrive Linux to make a bootable live-cd works with it.
So I saw that grub was installed to /dev/sdg1, it should be /dev/sdg.
If you are unable to fix this in the installer, are you willing to setup your partitions and filesystems from a live CD and then coax the installer into using them?
I CAN install in /dev/sdg, but I thought I was doing the right thing by creating sdg1 partition and installing in IT. Do I even need to create a partition on /dev/sdg?
Yes. You need a partition on sdg because you are putting /boot there. sdg1 will be the /boot partition. However, grub must be installed to /dev/sdg (MBR) as Meson has indicated.
Where you don't need partitions is /dev/sda. You can encrypt /dev/sda entirely and then create a root (ext4) file system on that block device. With this, you'd ignore any complaints the installer gives about no swap partition. To be honest, with 8-16G RAM, I don't use them at all. However, sometimes I put a file in /var/swap and use that.
1. I did a new partition table on both devices, to where I now see:
/dev/sda
free space
/dev/sdg/
free space
2.
You said, "Where you don't need partitions is /dev/sda" but
I HAVE to create a partition, it seems, on /dev/sda. When I double-click "free space" under /dev/sda, which do I select first:
use as Ext4
or
use as "physical volume for encryption"
?
Well, maybe I got it. It looks JUST like the above screenshot, with the exception of "Device for boot loader installation" being:
/dev/sdg
instead of
/dev/sdg1
Ah, to trick the installer into not needing a partition, you can create a temporary filesystem directly on /dev/sda from a live-cd. However, if you got it working then a partitionless /dev/sda is not a big deal.
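
The /dev/sdg versus /dev/sdg1 distinction discussed in this thread can be checked from a live CD before rebooting. The script below is an added example, not part of any poster's message: it reads the first sector of the whole disk and of the /boot partition and reports where GRUB's boot code sits. The function names and the "GRUB" marker heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only check for BIOS/MBR boot:
# is GRUB's boot code in sector 0 of the whole disk, or only in a partition?
# Assumption: GRUB's boot sector carries the ASCII marker "GRUB" inside the
# 440-byte boot-code area; this is a heuristic, not a full validation.

# Exit 0 if the boot-code area of FILE's first sector contains "GRUB".
has_grub_bootcode() {
    dd if="$1" bs=1 count=440 2>/dev/null | LC_ALL=C grep -q 'GRUB'
}

# Exit 0 if bytes 510-511 of FILE are the 55 aa boot signature.
has_boot_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print the number (1-4) of each MBR partition entry flagged bootable (0x80).
active_partitions() {
    for n in 1 2 3 4; do
        off=$((446 + (n - 1) * 16))
        flag=$(dd if="$1" bs=1 skip="$off" count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$flag" = "80" ]; then echo "$n"; fi
    done
}

# diagnose DISK PARTITION: print a one-word verdict.
diagnose() {
    if ! has_boot_signature "$1"; then
        echo "no-mbr-signature"
    elif has_grub_bootcode "$1"; then
        echo "grub-in-mbr"
    elif has_grub_bootcode "$2"; then
        echo "grub-in-partition-only"   # grub went to sdg1 instead of sdg
    else
        echo "no-grub-found"
    fi
}

# Usage as root, with the thread's device names: sh check.sh /dev/sdg /dev/sdg1
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
    echo "bootable-flagged entries: $(active_partitions "$1" | tr '\n' ' ')"
fi
```

A verdict of `grub-in-partition-only` matches the situation described above, where the boot loader was written to the partition rather than the MBR of the flash drive.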