Page 6 of 6 FirstFirst ... 456
Results 51 to 56 of 56

Thread: Manual Full System Encryption has been updated and simplified

  1. #51
    Join Date
    Jun 2007
    Location
    Galle District
    Beans
    3,024
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Thanks Paddy: I will give it another try as soon as I get a chance.

  2. #52
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,515
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by archphoenix View Post
    Then i fail to understand why one would copy a file from etc to itself, as the source of the copy is already there.
    I hadn't noticed that. I didn't write the script; I got it from someone else who understands this way, way more than I do!

    I'm going to test this to find out if it's a redundant line. I'll post back here once I have the results.
    Full system encryption with dual-boot (beta) —— Full Circle Magazine —— Problems with WINE?
    In my day, we had the outdoors in which to run, play, and socialise. Now people use computers for that.

  3. #53
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,515
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by Paddy Landau View Post
    I'm going to test this to find out if it's a redundant line.
    I don't pretend to understand it, but the line is required. Without it, the system is unable to get past the cryptsetup screen. So, leave it in.
    Full system encryption with dual-boot (beta) —— Full Circle Magazine —— Problems with WINE?
    In my day, we had the outdoors in which to run, play, and socialise. Now people use computers for that.

  4. #54
    Join Date
    Sep 2018
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    Hello, it looks like indeed the encryption key is copied to initramfs, meaning we're basically leaving the keys under the "welcome" carpet when leaving home.
    https://www.pavelkogan.com/
    Don’t forget that since the keyfile is stored on the ramdisk
    unless initramfs is encrypted, is it ?

    You may also want to use /etc/kernel/postinst.d/ scripts to reduce your script's dependency on other tools.
    Last edited by archphoenix; 1 Day Ago at 12:00 PM.

  5. #55
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,515
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by archphoenix View Post
    … it looks like indeed the encryption key is copied to initramfs
    I think that this is only temporarily on the RAM disk, not on permanent disk. On my test machine, I searched the entire hard drive (including the ESP) for a copy of crypt.system, and it was only in its correct place. Unless you show me otherwise, I'm treating this as a false alarm. But, I shall run another test in case I missed something.

    Quote Originally Posted by archphoenix View Post
    You may also want to use /etc/kernel/postinst.d/ scripts to reduce your script's dependency on other tools.
    I haven't come across this folder before. Could you tell me more about it, and how you envisage my using it, please? Remember that I'm no expert, and I've simply put together what others have created. I suspect that you would like zz-update-grub to contain the update process — if that would work, it would be a far better workaround than I currently have in place.
    Full system encryption with dual-boot (beta) —— Full Circle Magazine —— Problems with WINE?
    In my day, we had the outdoors in which to run, play, and socialise. Now people use computers for that.

  6. #56
    Join Date
    Jun 2007
    Location
    Galle District
    Beans
    3,024
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Paddy: Thanks, very useful.
    Installation to Full install flash drive went smoothly, once I gave up trying to install from desktop and used a Live USB instead.
    Also want to encrypt the usbdata partition, (NTFS), which is importantish on a portable drive.
    The more computers a portable drive can boot the better.
    Any plans to include BIOS systems?
    Home encryption seemed to work OK, BIOS and UEFI, with a traditional install.
    I tried Sudodus' basic mkusb setup, which usually works for both.
    It worked for booting an unencrypted install on one partition on a BIOS system and booting the encrypted OS on a different partition with UEFI.
    As you warned encryption did not work on a BIOS boot.
    Last edited by C.S.Cameron; 5 Hours Ago at 03:40 AM.

Page 6 of 6 FirstFirst ... 456

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •