Page 6 of 16 FirstFirst ... 45678 ... LastLast
Results 51 to 60 of 160

Thread: Manual Full System Encryption has been updated and simplified

  1. #51
    Join Date
    Jun 2007
    Location
    A Village in the Jungle
    Beans
    3,266
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Manual Full System Encryption has been updated and simplified

    Thanks Paddy: I will give it another try as soon as I get a chance.

  2. #52
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,637
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by archphoenix View Post
    Then i fail to understand why one would copy a file from etc to itself, as the source of the copy is already there.
    I hadn't noticed that. I didn't write the script; I got it from someone else who understands this way, way more than I do!

    I'm going to test this to find out if it's a redundant line. I'll post back here once I have the results.

  3. #53
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,637
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by Paddy Landau View Post
    I'm going to test this to find out if it's a redundant line.
    I don't pretend to understand it, but the line is required. Without it, the system is unable to get past the cryptsetup screen. So, leave it in.

  4. #54
    Join Date
    Sep 2018
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    Hello, it looks like indeed the encryption key is copied to initramfs, meaning we're basically leaving the keys under the "welcome" carpet when leaving home.
    https://www.pavelkogan.com/
    Don’t forget that since the keyfile is stored on the ramdisk
    unless initramfs is encrypted, is it ?

    You may also want to use /etc/kernel/postinst.d/ scripts to reduce your script's dependency on other tools.
    Last edited by archphoenix; October 14th, 2018 at 12:00 PM.

  5. #55
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,637
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by archphoenix View Post
    … it looks like indeed the encryption key is copied to initramfs
    I think that this is only temporarily on the RAM disk, not on permanent disk. On my test machine, I searched the entire hard drive (including the ESP) for a copy of crypt.system, and it was only in its correct place. Unless you show me otherwise, I'm treating this as a false alarm. But, I shall run another test in case I missed something.

    Quote Originally Posted by archphoenix View Post
    You may also want to use /etc/kernel/postinst.d/ scripts to reduce your script's dependency on other tools.
    I haven't come across this folder before. Could you tell me more about it, and how you envisage my using it, please? Remember that I'm no expert, and I've simply put together what others have created. I suspect that you would like zz-update-grub to contain the update process — if that would work, it would be a far better workaround than I currently have in place.

  6. #56
    Join Date
    Jun 2007
    Location
    A Village in the Jungle
    Beans
    3,266
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Manual Full System Encryption has been updated and simplified

    Paddy: Thanks, very useful.
    Installation to Full install flash drive went smoothly, once I gave up trying to install from desktop and used a Live USB instead.
    Also want to encrypt the usbdata partition, (NTFS), which is importantish on a portable drive.
    The more computers a portable drive can boot the better.
    Any plans to include BIOS systems?
    Home encryption seemed to work OK, BIOS and UEFI, with a traditional install.
    I tried Sudodus' basic mkusb setup, which usually works for both.
    It worked for booting an unencrypted install on one partition on a BIOS system and booting the encrypted OS on a different partition with UEFI.
    As you warned encryption did not work on a BIOS boot.
    Last edited by C.S.Cameron; October 16th, 2018 at 03:40 AM.

  7. #57
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,637
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by C.S.Cameron View Post
    Installation to Full install flash drive went smoothly, once I gave up trying to install from desktop and used a Live USB instead.
    That's interesting. I don't know enough to comment on this, though.
    Quote Originally Posted by C.S.Cameron View Post
    Also want to encrypt the usbdata partition, (NTFS), which is importantish on a portable drive.
    You can overwrite the existing NTFS with a LUKS partition, and decrypt it after booting. It is possible to automate the decryption by adding it to /etc/crypttab and using a file-based key, which you might name (say) /etc/crypt.ntfs. You'd need to use the UUID instead of the partition name (e.g. /dev/sdb2), as that could change from computer to computer.
    Quote Originally Posted by C.S.Cameron View Post
    Any plans to include BIOS systems?
    I wouldn't know how to do this, sorry! I guess that the information is out there somewhere.

    Thank you for sharing your results.

  8. #58
    Join Date
    Jun 2007
    Location
    A Village in the Jungle
    Beans
    3,266
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Manual Full System Encryption has been updated and simplified

    Paddy:
    I have managed to get your full disk encryption working both BIOS and UEFI.
    Instructions: https://askubuntu.com/questions/1086...086314#1086314
    I will give encrypting the NTFS partition a try as you suggest.
    When in Something else I noticed one of the "data" partitions at the top was about the same size as my NTFS partition, Is there any relation.

  9. #59
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,637
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by C.S.Cameron View Post
    I have managed to get your full disk encryption working both BIOS and UEFI. Instructions…
    Brilliant! I've added a reference to your solution in the Advanced section of the instructions. Thank you for this.
    Quote Originally Posted by C.S.Cameron View Post
    When in Something else I noticed one of the "data" partitions at the top was about the same size as my NTFS partition, Is there any relation.
    The data partitions list shows (or should show) everything connected to your computer apart from the Live DVD or USB itself, so your NTFS partition would be included. If the partition is encrypted with VeraCrypt, it won't know the type of file system (because VeraCrypt hides this. LUKS partitions show that they are LUKS but not the contents), but if it's unencrypted, it should show that it is NTFS.
    Last edited by Paddy Landau; October 23rd, 2018 at 12:15 PM. Reason: Clarification

  10. #60
    Join Date
    Nov 2018
    Beans
    3

    Re: Manual Full System Encryption has been updated and simplified

    Hello, Paddy Landau

    I'm inexperienced ubuntu user but thanks to your great instruction I managed to run ubuntu 18.04 with dual-boot and full system encryption. I've been working without any issues for almost one month. Sadly, yesterday's software update messed up the booting menu. Instead of boot menu I get black screen with minimal BASH-like line. Fortunately, I can boot Windows 10 after typing 'exit' command. What is strange, I cannot use a basic commands inside this minimal BASH-like, for example 'ls' shows the error: "file /grub/x86_64-efi/ls.mod not found".

    Of course, I've tried to apply all steps from "Computer fails to boot after upgrade or new installation" paragraph on the page https://help.ubuntu.com/community/Ma...roubleshooting but with no effect. BTW, I don't know if warnings about "no matching swap device is available" are important.

    Code:
    ubuntu@ubuntu:~$ sudo cryptsetup open --type=luks /dev/sda4 system
    Enter passphrase for /dev/sda4: 
    ubuntu@ubuntu:~$ sudo mkdir /mnt/root
    ubuntu@ubuntu:~$ sudo mount /dev/mapper/system-root /mnt/root
    ubuntu@ubuntu:~$ sudo mount /dev/mapper/system-boot /mnt/root/boot
    ubuntu@ubuntu:~$ sudo mount /dev/sda1 /mnt/root/boot/efi
    ubuntu@ubuntu:~$ sudo mount --bind /dev /mnt/root/dev
    ubuntu@ubuntu:~$ sudo mount --bind /run /mnt/root/run
    ubuntu@ubuntu:~$ sudo chroot /mnt/root
    root@ubuntu:/# mount --types=proc proc /proc
    root@ubuntu:/#  mount --types=sysfs sys /sys
    root@ubuntu:/# update-initramfs -u -k all
    update-initramfs: Generating /boot/initrd.img-4.15.0-38-generic
    W: initramfs-tools configuration sets RESUME=/dev/mapper/system-swap
    W: but no matching swap device is available.
    update-initramfs: Generating /boot/initrd.img-4.15.0-36-generic
    W: initramfs-tools configuration sets RESUME=/dev/mapper/system-swap
    W: but no matching swap device is available.
    root@ubuntu:/# update-grub
    Generating grub configuration file ...
    Found linux image: /boot/vmlinuz-4.15.0-38-generic
    Found initrd image: /boot/initrd.img-4.15.0-38-generic
    Found linux image: /boot/vmlinuz-4.15.0-36-generic
    Found initrd image: /boot/initrd.img-4.15.0-36-generic
    Found Windows Boot Manager on /dev/sda1@/EFI/Microsoft/Boot/bootmgfw.efi
    Adding boot menu entry for EFI firmware configuration
    done
    My devices are:
    Code:
    /dev/sda1  EFI System
    /dev/sda2  Microsoft reserved
    /dev/sda3  Microsoft basic data
    /dev/sda4  Linux filesystem
    I feel lost. I will be very grateful for any clue or a piece of advice about how I can cope with it. I'm sorry for my ignorance and thanks in advance.

Page 6 of 16 FirstFirst ... 45678 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •