Page 13 of 13 FirstFirst ... 3111213
Results 121 to 127 of 127

Thread: Manual Full System Encryption has been updated and simplified

  1. #121
    Join Date
    Aug 2019
    Beans
    1

    Re: Manual Full System Encryption has been updated and simplified

    Hello! Could you tell me please, why is there two enabled key-slots? First (0) slot contains my password, but what about second slot (1)?

  2. #122
    Join Date
    Mar 2012
    Beans
    9

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by no95typem View Post
    Hello! Could you tell me please, why is there two enabled key-slots? First (0) slot contains my password, but what about second slot (1)?
    I think the subject has been addressed (see quotation below) : one key is for the first-stage decryption and corresponds to your password, and the other is for the rest and is automatically retrieved during first-stage decryption.
    Quote Originally Posted by Paddy Landau View Post
    Quote Originally Posted by thrdroom View Post
    The script forces me to choose two different passwords for system and data-drives. As i don’t want to overcomplicate things(in case of dataloss or crash), i want to have the same password for both drives and only one single keyfile. I think the user should have the choice to choose what he want's.
    Having the same passphrase is unnecessary, because once the system has been decrypted, it will automatically decrypt the data drive. However, if it's really what you want, all that you need to do is to replace the existing passphrase with the new one.
    Code:
    sudo cryptsetup luksChangeKey /dev/sda3   # Replace /dev/sda3 with the correct partition name.
    I could be wrong however, since I was only reading this out of curiosity and don't intend to use it right now, so I may be missing something...

  3. #123
    Join Date
    Sep 2019
    Beans
    1

    Re: Manual Full System Encryption has been updated and simplified

    Thanks for this! I found it very helpful while setting up a new install of ubuntu-19.04.


    One issue I ran into, however, was that I couldn't seem to get GRUB to open the LUKS volume at boot time. Turns out the LUKS volume was being created as LUKS2 by default, and GRUB doesn't support LUKS2 volumes.


    I resolved this by modifying encryptinstallation to force it to use LUKS1:

    Code:
    echo -n "${PASSPHRASE}" | sudo cryptsetup luksFormat --type=luks1 --hash=sha512 --key-size=512 --key-file=- ${PARTITION}

  4. #124
    Join Date
    Jul 2005
    Beans
    9

    Re: Manual Full System Encryption has been updated and simplified

    I had this problem too when trying to install with Ubuntu 19.10 on a dual boot system with Windows 10.

    The Luks1 tweek above fixed it, though I did get an error about the grub-efi-amd64-signed package not installing that I didn't get before making the tweek, but it didn't hinder booting.

    Otherwise great instructions, can't believe Canonical haven't made this the default yet.

  5. #125
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,566
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Sorry for not replying to messages earlier. For some reason, Ubuntu Forums doesn't send me notifications to this specific thread until weeks afterwards.

    Thank you NovHak, blaxpot and raif for your responses.
    Quote Originally Posted by no95typem View Post
    … why is there two enabled key-slots? First (0) slot contains my password, but what about second slot (1)?
    The first passphrase is for your system partition, and the second for your data partition.

  6. #126
    Join Date
    Dec 2019
    Beans
    1

    Re: Manual Full System Encryption has been updated and simplified

    @Paddy -- I just want to join on the well-deserved praise and thanks for all of the effort you've put in to this. It really is tremendous -- I've been using Ubuntu for 12 years now, and this is one of the best, most thorough guides I've seen. Cheers!

    I just had the dreaded grub/kernel update causes failure to boot, and the steps in your troubleshooting guide [1] saved my bacon! Phwew, what a huge relief that is! I'm really in awe of the work you've done on all of this!

    One minor suggestion on the troubleshooting page -- I wasn't able to get it to work initially, because I wasn't reading carefully enough and the string "PARTITION" is used in two places to mean two things... I kept putting my system partition in the slot where I should have been putting my EFI partition. So my suggestion, which of course you can take or leave, would be to disambiguate those strings in steps 4 and 5 by specifying SYSTEM_PARTITION and EFI_PARTITION, as follows:

    4. To unlock your partition, enter the following command. Replace /dev/SYSTEM_PARTITION with your system partition, e.g. /dev/sda5 or /dev/nvme01n1p5. You will be prompted for your system passphrase.


    • sudo cryptsetup open --type=luks /dev/SYSTEM_PARTITION system

    5. Mount your system partition. Replace /dev/EFI_PARTITION with your EFI System Partition (ESP), e.g. /dev/sda2 or /dev/nvme01n1p2.


    • sudo mkdir /mnt/root
      sudo mount /dev/mapper/system-root /mnt/root
      sudo mount /dev/mapper/system-boot /mnt/root/boot
      sudo mount /dev/EFI_PARTITION /mnt/root/boot/efi


    Again, thanks so much!


    [1] https://help.ubuntu.com/community/Ma...roubleshooting

  7. #127
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,566
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by ersatz-logins View Post
    … disambiguate those strings…
    Thanks for kind words and your suggestion. I like your suggestion. I've also bolded the names in the instructions.

    I have a feeling that these instructions won't work on 20.04 (the next LTS). I do wish that Canonical would take this issue seriously!

Page 13 of 13 FirstFirst ... 3111213

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •