Page 7 of 16 FirstFirst ... 56789 ... LastLast
Results 61 to 70 of 157

Thread: Manual Full System Encryption has been updated and simplified

  1. #61
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,634
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Hello condorview

    You are brave, doing this as an inexperienced Ubuntu user!

    I'm sorry that you're having trouble, and I confess that I'm also somewhat mystified.

    Regarding the "no matching swap device", this should not be a problem, as Ubuntu will run just fine during this process without swap.

    Please will you repeat the troubleshooting process, except that when you get to step 7 ("Fix Grub"), do the following.
    • Don't issue the commands update-initransfm and update-grub.
    • Instead, enter the following command:
      refreshgrub
      This command might take a minute or two to run.
      If you see errors saying, "File descriptor … leaked on vgs invocation…", ignore them.
    • Continue with steps 8 and 9.

    Please let me know what happens.
    Last edited by Paddy Landau; November 6th, 2018 at 05:48 PM. Reason: Simplification and extra information

  2. #62
    Join Date
    Nov 2018
    Beans
    3

    Re: Manual Full System Encryption has been updated and simplified

    Great! It works!

    Thank you, very much. FYI, I wouldn't be so brave unless your instruction was so professional and easy to understand Ubuntu is my extra OS now but I expect it will be the first one in the near future. Many hard days ahead of me although with helpful community I am going to make it.

    BTW, I was thinking about applying "grub-install /dev/sda". Would it be a good idea?

    Edit: I had to run "fsck /dev/mapper/system-root" because boot process dropped to the BusyBox shell after restarting. So maybe some problems with my disc caused troubles with grub.
    Last edited by condorview; November 6th, 2018 at 09:44 PM. Reason: Extra information

  3. #63
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,634
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by condorview View Post
    Great! It works!
    Fabulous! I've adjusted the troubleshooting instructions to do this instead.

    And, thank you for your kind words.

    Quote Originally Posted by condorview View Post
    I was thinking about applying "grub-install /dev/sda". Would it be a good idea?
    Probably not. Grub installation has already been done, otherwise you wouldn't have been able to boot.

    Quote Originally Posted by condorview View Post
    I had to run "fsck /dev/mapper/system-root" because boot process dropped to the BusyBox shell after restarting. So maybe some problems with my disc caused troubles with grub.
    There's no BusyBox on Ubuntu It's the command line, also called CLI (command line interface), the console, or the terminal.

    Your system should automatically run fsck on boot if it spots any inconsistencies; every 30 boots or something like that; or if it sees the file /forcefsck. However, it doesn't hurt to run it manually. I would add a couple of options to the command, as follows (note the capitalisation):
    Code:
    fsck -CMf /dev/mapper/system-root
    • -C — Display a progress bar
    • -M — Don't run if the file system is already mounted (to prevent data corruption).
    • -f — Force a full check even if no inconsistencies were spotted.

  4. #64
    Join Date
    Nov 2018
    Beans
    3

    Re: Manual Full System Encryption has been updated and simplified

    Thanks again

    As to BusyBox I came across a similar issue as descibed in the answer https://askubuntu.com/questions/1376.../817660#817660

  5. #65
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,634
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by condorview View Post
    As to BusyBox…
    Oh… maybe I'm wrong! It looks as though BusyBox is attached to initramfs.

  6. #66
    Join Date
    Jul 2010
    Beans
    29

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by Paddy Landau View Post
    I have updated the documentation for Manual Full System Encryption, and vastly simplified it in the process.

    For those who don't know, this allows you to encrypt everything including /boot, excluding the EFI System Partition for obvious reasons, and it plays nicely with other systems, e.g. Windows.

    If you choose to try it, please let me know (in this thread) if it works for you and if you find any bugs in the documentation or the process.

    Whether or not it works, it would be helpful to know which flavour and version you use.

    Please read the warnings and caveats before deciding whether or not to use it. Ignoring them could leave you disappointed.

    If you like it, and want Canonical to officially implement it or something like it in the Installer, please support the request (log in and select the green writing at the top left).

    Thank you
    Paddy, thank you very much for updating the documentation. However, I would like to suggest some constructive feedback regarding the documentation.

    I noticed you made significant revisions to the original ManualFullSystemEncryption/DetailedProcess guide (and the sub-pages) which was originally written by @slickymaster. The original guide has manual step by step guide which also explained the commands on the exact process for setup/installation of Ubuntu with encrypted partition. Your revision replaced the step by step guide with an "automated" script. I think the new guide no longer holds the spirit of the original guide showing how to "manually" encrypt. I think the manual steps and commands in the guide was very usefully and taught the readers on the exact process. The automated script you created is very helpful, however, I think we should append it to the original guide instead of replacing it.

    I think the original ManualFullSystemEncryption guide was one of the few very well written guides on partition encryption in Linux I have found online. I often referred to this guide very frequently to get all the commands and refresh my memory on the manual encryption process. Just like you, I believe encryption is important and Canonical should support full system encryption. However, meanwhile, it is important we teach the readers step by step and the commands required to manually encryption. This creates high value by investing in "teaching" instead of directly feeding an automated script which the user has no idea what it does.

    I hope my feedback would be considered and the that the bulk of the original guide written by @slickymaster can be reverted back.

  7. #67
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,634
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by Zythyr View Post
    I noticed you made significant revisions to the original ManualFullSystemEncryption/DetailedProcess guide (and the sub-pages) which was originally written by @slickymaster…
    The entirety was written by me . Slickymaster moved my documentation from a development area to the main area, which is why it had his name.

    Yes, there were significant revisions.

    The reason why I removed the detailed explanation was that maintaining it had become a time-consuming burden for me — I am struggling with a long-term illness on top of everything else, so time is not something that I have much of. Had I left the explanations, they would quickly have become out of date.

    Maintaining the script is much faster than maintaining a detailed description of how it works, and the script itself contains (I hope) understandable documentation.

    If I were to have a volunteer to maintain the pages, of course, that would be great…

    One volunteer has offered to put the script into GIT, which I know little about. When it's done, it will be better than its current location in Dropbox.

    Quote Originally Posted by Zythyr View Post
    I think the original ManualFullSystemEncryption guide was one of the few very well written guides on partition encryption in Linux I have found online…
    Thank you. I'm sorry that those pages have gone now.

    Yes, teaching is important. On the other hand, not only did I understand just a little of what was done (the discoveries and inventions were done by people much cleverer that I am, so my explanations were not really explanations but just a description of what to do), but also what I have been pushing for is for Canonical to take this on board and put it into the default installer (which, to my knowledge, has no user documentation on how it works).

    The system was never intended for beginners, although I tried to make it accessible to such.

    Quote Originally Posted by Zythyr View Post
    I hope … that the bulk of the original guide … can be reverted back.
    I don't know how to do that — sorry. But, as I said, even if I were to do so, it was already out of date! The difference between the system for Ubuntu 16.04 and for Ubuntu 18.04 was surprisingly large. I have no idea if the future Ubuntu 20.4 will create an even wider gap.

  8. #68
    Join Date
    Apr 2008
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    Hi,

    At first let me thank you for your efforts in creating this guide. Regrettably I was not able to make it work on my system. I have tried several times and the last two I did the troubleshooting with the chroot as well.
    My system is a Dell XPS 13 9370 'Developer Edition' (came with Ubuntu 16.04 preinstalled).
    Once I complete all the steps in the guide and reboot, I get to the GRUB menu where I am able to select between the choices of Ubuntu (comes preselected), Advanced options for Ubuntu and finally System setup.
    When selecting the first entry I get the following three errors:
    error: no such device: <device-id>
    error: no server specified
    error: you need to load the kernel first
    finally I get a 'Press any key to continue...'
    I can either press any key or wait for about ten seconds, both actions take me back to the GRUB menu.

    The regular Ubuntu installer with and without encryption do work on this machine but I require suspend to disk.

    Thank you in advance for your help,
    abs512

  9. #69
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,634
    Distro
    Lubuntu 18.04 Bionic Beaver

    Re: Manual Full System Encryption has been updated and simplified

    @absolute512 — Can I confirm that you installed 18.04, not any other version? The process doesn't work with any other version.

    I can't see your screen, obviously, so I have to make a bit of a guess here. I wonder if your computer has something that the script doesn't correctly understand.

    Might I suggest that you install 18.04 using the default installer with full encryption (it won't encrypt /boot though).

    Then, post-installation, get suspend-to-disk working. To do this, first create a swap partition and enable it (the default 18.04 uses swap files instead of a swap partition). Please ask in a new thread how to do this (or maybe it has already been answered on either this forum or Ask Ubuntu). Remember that the swap partition must be at least the size of your RAM, and you need it encrypted.

    Once the swap partition is working, do the following.
    1. Code:
      sudo apt install pm-utils
      (It might already be installed.)
    2. Find the /dev/ definition of the swap partition. You'll need this in step 6.
    3. Create the file
      /etc/polkit-1/localauthority/50-local.d/com.ubuntu.enable-hibernate.pkla
    4. In the file, put the following code.
      Code:
      [Re-enable hibernate by default in upower]Identity=unix-user:*
      Action=org.freedesktop.upower.hibernate
      ResultActive=yes
      
      [Re-enable hibernate by default in logind]
      Identity=unix-user:*
      Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
      ResultActive=yes
    5. Create the following file.
      /etc/initramfs-tools/conf.d/resume
    6. In the file, put the following code.
      RESUME=[the /dev/ definition that you found in step 2]
      e.g.
      RESUME=/dev/dm-0
    7. Edit the file
      /etc/systemd/logind.conf
    8. In this file, append the following two lines.
      Code:
      HandleSuspendKey=hybrid-sleep
      HandleLidSwitch=hybrid-sleep

    Warning

    I cannot guarantee that this will work. Every system and every hardware is different, and I have read that not all manufacturers support suspend-to-disk. Also, I'm no expert; everything that I did was put together from other people's excellent work.

  10. #70
    Join Date
    Apr 2008
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    Hi again,
    I have tried as you asked and after resizing swap and stuff and other troubles (see: https://bugs.launchpad.net/ubuntu/+s...s/+bug/1768230) I was able to get the hibernation working.
    Now I just wish I could do it with encrypted boot partition...
    Thank you anyway!

Page 7 of 16 FirstFirst ... 56789 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •