LinuxQuestions.org


xtiansimon 07-18-2011 11:30 PM

Help me understand how cryptsetup works and confirm it can't be used with GParted...
 
Upgrading F11 to F15, I've decided to encrypt the disk. Anaconda appears to have limited support for custom disk partitions (mine is dual boot). The result of my second install attempt was a PV boot and LVM VG with home, root, and swap. The problem is these LVs each have their own encryption! The Fedora documentation only gives instructions for encrypting during the Anaconda install process and after a system is installed.

----------
From research and discussions I uncovered an alternative where the VG is the only encrypted "bit" of the partitioned drive. Then I can install Fedora using a spin disk or the 4G iso with Anaconda. This would make an encrypted Fedora system with a single unencrypt passphrase. What I am not clear on is the step to create the LVs.

Reading cryptsetup docs and the above examples I conclude luksOpen and luksClose commands "bookend" the LVM linux commands pvcreate, vgcreate, and lvcreate. Then I won't need to use gparted, the graphical disk partitioning tool, yes?

Since I will be deleting my system, I need to do all of this from a liveCD like gparted, or a Fedora spin liveCD. And this disk needs to have the LVM commands pvcreate, vgcreate, lvcreate, and cryptsetup-luks, and dm-crypt packages?

Once the VG is encrypted and the LVs are added then I can launch the Fedora spin CDROM or Anaconda DVD to complete the install?

Does this sound correct? Am I missing anything? Is there an easier way to do this? (^_^)

mrmnemo 07-19-2011 11:46 AM

Quote:

From research and discussions I uncovered an alternative where the VG is the only encrypted "bit" of the partitioned drive. Then I can install Fedora using a spin disk or the 4G iso with Anaconda. This would make an encrypted Fedora system with a single unencrypt passphrase.

Yes, you can break up your physical drive to have a NON encrypted BOOT (say /dev/sda1) and then create an LVM partition with fdisk (say /dev/sda2). Now, if you want a single key to unlock the whole thing I would go that route. However, you might want to take a closer look at WHAT should be encrypted. While the overhead in terms of speed is not that bad, some things don't need to be encrypted (/sbin, /bin, etc.). Also, you may already know this, but once you unlock the drive the encryption is gone (i.e. it can be accessed via the net, etc.). If you're using a laptop and you encrypt the whole drive things might get slow when you go to boot up.


Quote:

Reading cryptsetup docs and the above examples I conclude luksOpen and luksClose commands "bookend" the LVM linux commands pvcreate, vgcreate, and lvcreate. Then I won't need to use gparted, the graphical disk partitioning tool, yes?

Once you create your VG (say /dev/fedora) and add your LVs (say /dev/fedora/ROOT {home, etc.}) you will be able to mount them via the installer in Fedora. I found it very straightforward to use fdisk, pvcreate, etc. rather than any GUI tool. As to using cfdisk, it's kinda like fdisk if you're talking about from the CLI. I prefer fdisk.

Quote:

Since I will be deleting my system, I need to do all of this from a liveCD like gparted, or a Fedora spin liveCD. And this disk needs to have the LVM commands pvcreate, vgcreate, lvcreate, and cryptsetup-luks, and dm-crypt packages?

I have not installed Fedora in a while; however, you should be able to perform everything you need to with the install CD. The only thing may be the GUI. I do think you can do all this with the install CD partitioning tool though. Might google installing Fedora to LUKS.

Quote:

Once the VG is encrypted and the LVs are added then I can launch the Fedora spin CDROM or Anaconda DVD to complete the install?

Should do. You could run all your commands from the live CD as well via the terminal.

Hope this helps
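
The layering discussed in this thread (one LUKS container on the partition, with the LVM PV, VG and LVs created inside it so a single passphrase unlocks them all), as an added example that is not part of either poster's messages. /dev/sda2 and the VG name fedora follow the names used in the reply above; the mapper name cryptlvm and the LV sizes are assumptions.

```shell
#!/bin/sh
# Added example: LUKS first, LVM inside it. Prints the commands by default;
# set RUN=1 (as root, from a live CD) to execute them.
# WARNING for RUN=1: luksFormat destroys whatever is on DEV.

DEV="${DEV:-/dev/sda2}"   # partition that will hold the encrypted PV (assumed)
MAP="${MAP:-cryptlvm}"    # device-mapper name for the opened container (assumed)
VG="${VG:-fedora}"        # volume group name (assumed)

# Print one command; execute it too when RUN=1, stopping on the first failure.
step() {
    echo "$*"
    if [ "${RUN:-0}" = "1" ]; then
        "$@" || { echo "failed: $*" >&2; exit 1; }
    fi
}

luks_lvm_setup() {
    step cryptsetup luksFormat "$DEV"        # write the LUKS header, set the passphrase
    step cryptsetup luksOpen "$DEV" "$MAP"   # exposes /dev/mapper/$MAP (plaintext view)
    # LVM goes on the mapper device, never on the raw partition,
    # otherwise the LVs would sit outside the encryption.
    step pvcreate "/dev/mapper/$MAP"
    step vgcreate "$VG" "/dev/mapper/$MAP"
    step lvcreate -L 2G -n swap "$VG"        # sizes are assumptions
    step lvcreate -L 20G -n root "$VG"
    step lvcreate -l 100%FREE -n home "$VG"  # remainder of the VG
}

luks_lvm_teardown() {
    # The VG must be deactivated first; luksClose refuses while LVs hold the mapping.
    step vgchange -an "$VG"
    step cryptsetup luksClose "$MAP"
}

case "${1:-}" in
    setup)    luks_lvm_setup ;;
    teardown) luks_lvm_teardown ;;
esac
```

Run with `setup` or `teardown` as the argument; without RUN=1 it only lists the commands in the order they must be issued.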

xtiansimon 07-20-2011 03:51 PM

Thanks for taking the time to reply in detail.

These notes are the culmination of all my research. Unless there is something I'm missing, then this is what I'm gonna do the first chance I get.
----------------------------------------------
One other thing. I want to put my home directory in,
/home/my_computer_name/Xtian
instead of the default,
/home/Xtian
I've not installed with a separate /home partition before. Will someone tell me (presumably someone who installs a lot of systems): if I make this directory in advance of the installer, will Anaconda honor this file structure?


All times are GMT -5.