LinuxQuestions.org
Old 07-18-2011, 11:30 PM   #1
xtiansimon
Member
 
Registered: Nov 2009
Posts: 30

Rep: Reputation: 0
Help me understand how cryptsetup works and confirm it can't be used with GParted...


Upgrading F11 to F15, I've decided to encrypt the disk. Anaconda appears to have limited support for custom disk partitions (mine is dual boot). The result of my second install attempt was a PV boot and LVM VG with home, root, and swap. The problem is these LVs each have their own encryption! The Fedora documentation only gives instructions for encrypting during the Anaconda install process and after a system is installed.

----------
From research and discussions I uncovered an alternative where the VG is the only encrypted "bit" of the partitioned drive. Then I can install Fedora using a spin disk or the 4G iso with Anaconda. This would make an encrypted Fedora system with a single unencrypt passphrase. What I am not clear on is the step to create the LVs.

Reading cryptsetup docs and the above examples I conclude LuksOpen and LuksClose commands "bookend" the LVM linux commands pvcreate, vgcreate, and lvcreate. Then I won't need to use gparted the graphical disk partitioning tool, yes?

Since I will be deleting my system, I need to do all of this from a liveCD like gparted, or a Fedora spin liveCD. And this disk needs to have the LVM commands pvcreate, vgcreate, lvcreate, and cryptsetup-luks, and dm-crypt packages?

Once the VG is encrypted and the LVs are added then I can launch the Fedora spin CDROM or Anaconda DVD to complete the install?

Does this sound correct? Am I missing anything? Is there an easier way to do this? (^_^)
 
Old 07-19-2011, 11:46 AM   #2
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Rep: Reputation: 51
Quote:
From research and discussions I uncovered an alternative where the VG is the only encrypted "bit" of the partitioned drive. Then I can install Fedora using a spin disk or the 4G iso with Anaconda. This would make an encrypted Fedora system with a single unencrypt passphrase.
Yes, you can break up your physical drive to have a NON-encrypted BOOT (say /dev/sda1) and then create an LVM partition with fdisk (say /dev/sda2). Now, if you want a single key to unlock the whole thing I would go that route. However, you might want to take a closer look at WHAT should be encrypted. While the overhead in terms of speed is not that bad, some things don't need to be encrypted (/sbin, /bin, etc.). Also, you may already know this, but once you unlock the drive the encryption is gone (i.e., it can be accessed via the net, etc.). If you're using a laptop and you encrypt the whole drive, things might get slow when you go to boot up.


Quote:
Reading cryptsetup docs and the above examples I conclude LuksOpen and LuksClose commands "bookend" the LVM linux commands pvcreate, vgcreate, and lvcreate. Then I won't need to use gparted the graphical disk partitioning tool, yes?
Once you create your VG (say /dev/fedora) and add your LVs (say /dev/fedora/ROOT {home, etc.}) you will be able to mount them via the installer in Fedora. I found it very straightforward to use fdisk, pvcreate, etc. rather than any GUI tool. As to using cfdisk, it's kinda like fdisk if you're talking about from the CLI. I prefer fdisk.

Quote:
Since I will be deleting my system, I need to do all of this from a liveCD like gparted, or a Fedora spin liveCD. And this disk needs to have the LVM commands pvcreate, vgcreate, lvcreate, and cryptsetup-luks, and dm-crypt packages?
I have not installed Fedora in a while; however, you should be able to perform everything you need to with the install CD. The only thing may be the GUI. I do think you can do all this with the install CD partitioning tool though. Might google installing Fedora to LUKS.

Quote:
Once the VG is encrypted and the LVs are added then I can launch the Fedora spin CDROM or Anaconda DVD to complete the install?
Should do. You could run all your commands from the live CD as well via the terminal.

Hope this helps
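
The layout discussed in this thread (one LUKS container on the partition, with the PV, VG and LVs created inside it) as an added example that is not part of either poster's text. /dev/sda2 and the VG name fedora come from the reply above; the mapping name cryptlvm, the LV sizes, the DRY_RUN switch and the helper names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: LUKS first, LVM inside the opened container.
# DRY_RUN=1 (default) only prints the commands in order.
# DRY_RUN=0 executes them (needs root; luksFormat destroys existing data).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# luks_lvm_setup DEVICE MAPPER_NAME VG_NAME   (hypothetical helper)
luks_lvm_setup() {
    dev="$1"; map="$2"; vg="$3"
    # Guard for real runs: only ever touch an actual block device.
    if [ "$DRY_RUN" != 1 ] && [ ! -b "$dev" ]; then
        echo "refusing: $dev is not a block device" >&2
        return 1
    fi
    # 1. Encrypt the whole partition once: one passphrase for everything in it.
    run cryptsetup luksFormat "$dev"
    # 2. Open it; the decrypted view appears as /dev/mapper/$map.
    run cryptsetup luksOpen "$dev" "$map"
    # 3. LVM is built on the mapped device, never on the raw partition.
    run pvcreate "/dev/mapper/$map"
    run vgcreate "$vg" "/dev/mapper/$map"
    run lvcreate -L 20G -n root "$vg"        # sizes are assumed values
    run lvcreate -L 4G -n swap "$vg"
    run lvcreate -l 100%FREE -n home "$vg"
    # 4. Deactivate the VG before closing, or luksClose reports the device busy.
    run vgchange -an "$vg"
    run cryptsetup luksClose "$map"
}

# Print the plan for the partition layout named in the reply above.
luks_lvm_setup /dev/sda2 cryptlvm fedora
```
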
 
Old 07-20-2011, 03:51 PM   #3
xtiansimon
Member
 
Registered: Nov 2009
Posts: 30

Original Poster
Rep: Reputation: 0
Thanks for taking the time to reply in detail.

These notes are the culmination of all my research. Unless there is something I'm missing, then this is what I'm gonna do the first chance I get.
----------------------------------------------
One other thing. I want to put my home directory in,
/home/my_computer_name/Xtian
instead of the default,
/home/Xtian
I've not installed with a separate /home partition before. Will someone tell me (presumably someone who installs a lot of systems): if I make this directory in advance of the installer, will Anaconda honor this file structure?

Last edited by xtiansimon; 07-21-2011 at 06:11 AM. Reason: another question
 
  



Tags
encryption, fedora

