The 22C3 in Berlin is coming up and after helping a friend convert his notebook to dm-crypt/lvm, I'm ready to try it myself :)
It was not quite straightforward, so I'll describe the necessary steps here.
When I'm done, I'll have two physical partitions (hda1 and hda2). hda1 is /boot and must be unencrypted because it contains the kernel and initrd.
hda2 is an encrypted LVM physical volume which contains / and all other volumes.
Before we begin, some packages need to be installed:
yaird (to build the initrd)
cryptsetup-luks (supports a partition header which contains the encrypted key)
lvm2 (to manage volumes)
yaird and lvm2 are in Debian and cryptsetup-luks is available from http://luks.endorphin.org/ (a Debian repository is at http://einsteinmg.dyndns.org/debian/).
We also need a kernel compiled with aes, dm-crypt and lvm.
This will initialize hda2 as a LUKS volume and open it as pvcrypt:
# cryptsetup luksFormat /dev/hda2
WARNING!
========
This will overwrite data on /dev/hda2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
# cryptsetup luksOpen /dev/hda2 pvcrypt
Enter LUKS passphrase:
key slot 0 unlocked.
Now the usual lvm setup:
# pvcreate /dev/mapper/pvcrypt
Physical volume "/dev/mapper/pvcrypt" successfully created
# vgcreate vgcrypt /dev/mapper/pvcrypt
Volume group "vgcrypt" successfully created
# lvcreate -n lvroot -L 8G vgcrypt
Logical volume "lvroot" created
# lvcreate -n lvswap -L 1G vgcrypt
Logical volume "lvswap" created
# lvcreate -n lvhome -L 10G vgcrypt
Logical volume "lvhome" created
If this does not work, you may have an older version of lvm which does not allow mapped devices as PVs by default. You need to change this in /etc/lvm/lvm.conf.
To copy my data to the new filesystems I use rsync -avx. -x tells rsync not to cross filesystem boundaries, so if you have more than one filesystem you need to call rsync once for each. If you have everything on one filesystem which is mounted at /mnt/source, you can use:
# rsync -avx /mnt/source/ /mnt/target/
UDev uses a tmpfs mounted at /dev, so you may need to copy /dev/.static/dev by hand.
Now you need to make sure /mnt/target/sys and /mnt/target/proc exist. Before we can chroot to the new system we need to bind sys and proc:
# mount --bind /sys /mnt/target/sys
# mount --bind /proc /mnt/target/proc
Now we can enter the new system with chroot /mnt/target. The only thing left now is making the system bootable. I use grub because it allows me to change almost everything at runtime.
Grub needs to load the kernels from /dev/hda1 (which grub calls (hd0,0)).
# grub-install /dev/hda1
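You may also need to run update-grub and check /boot/grub/menu.lst for incorrect paths.
Yaird needs an /etc/crypttab like this to find the encrypted volumes. The mapping name and device must match your own layout (in this walkthrough, pvcrypt on /dev/hda2):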
#
cryptpv /dev/hda4
Update your /etc/fstab to match the new layout.
Now we can build an initrd with yaird:
# yaird -o /boot/initrd-2.6.12.3
The current yaird has a problem with the new names for the AES kernel option. If you have AES compiled into the kernel, it will not look for the correct option. In /usr/lib/yaird/perl/KConfig.pm replace CONFIG_CRYPTO_AES with CONFIG_CRYPTO_AES_586 (or whatever else you have in your kernel config).
If you did not use an initrd before, run update-grub again.
Now reboot your system and it should ask you for the password you entered while creating the encrypted volume. Don't forget to wipe your old data after verifying everything is correct.
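A pre-reboot check for the steps above, as an added example that is not part of the original post: it reports which CONFIG_CRYPTO_AES* option the kernel config actually sets (the name yaird's KConfig.pm has to look for) and confirms that crypttab and fstab agree with the hda2/pvcrypt/vgcrypt layout. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-reboot sanity checks for the dm-crypt/LVM layout (added example).
# File paths are arguments, so the checks also work on /mnt/target/etc/...

# Print each CONFIG_CRYPTO_AES* option that is built in (=y) or a module (=m).
aes_options() {   # $1 = kernel config file
    sed -n 's/^\(CONFIG_CRYPTO_AES[A-Z0-9_]*\)=[ym]$/\1/p' "$1"
}

# Print the source device that crypttab assigns to a mapping name.
crypttab_device() {   # $1 = crypttab file, $2 = mapping name
    awk -v n="$2" '$1 !~ /^#/ && $1 == n { print $2; exit }' "$1"
}

# Print the device that fstab mounts on /.
fstab_root() {   # $1 = fstab file
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Return 0 only if crypttab maps $3 to $4 and / is a volume in group $5.
check_layout() {   # $1 crypttab, $2 fstab, $3 mapping, $4 device, $5 VG
    [ "$(crypttab_device "$1" "$3")" = "$4" ] || {
        echo "crypttab: $3 is not mapped to $4" >&2; return 1; }
    case "$(fstab_root "$2")" in
        /dev/mapper/"$5"-*|/dev/"$5"/*) return 0 ;;
        *) echo "fstab: / is not on volume group $5" >&2; return 1 ;;
    esac
}

# Constructed sample files mirroring the walkthrough (hda2, pvcrypt, vgcrypt).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# CONFIG_CRYPTO_AES is not set' 'CONFIG_CRYPTO_AES_586=m' \
    'CONFIG_DM_CRYPT=y' > "$demo/config"
printf '%s\n' '# target source' 'pvcrypt /dev/hda2' > "$demo/crypttab"
printf '%s\n' '/dev/hda1 /boot ext3 defaults 0 2' \
    '/dev/mapper/vgcrypt-lvroot / ext3 defaults 0 1' > "$demo/fstab"

echo "AES options: $(aes_options "$demo/config")"
check_layout "$demo/crypttab" "$demo/fstab" pvcrypt /dev/hda2 vgcrypt \
    && echo "layout consistent"
```

Run the functions against /mnt/target/etc/crypttab, /mnt/target/etc/fstab and your kernel's config file before rebooting; a failed check is far cheaper to fix from the working system than from a boot that cannot find its root volume.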
where to start ?
max (not verified) — Sat, 2005-12-24 10:19
Hi,
I'm planning to do the same on a new (empty) harddisk. There should be 2 partitions, namely the boot partition and the dm-crypt partition which will be the base for lvm2 logical partitions (as described).
I'm trying to install debian with the netinstall cd-rom, unfortunately all the crypto tools are not on it. Thus I guess I need a temporary partition where I can do a minimal debian installation. Once installed I can do all the crypto partition setup, copy the minimal installation on the newly created crypted lvm partitions and chroot.
The problem is that the temporary partition has no use later on ;(
How did you do it ? Maybe the mentioned initial install can be done on a temporary ramdisk ? Another idea would be do a minimal debian install on a tiny harddisk partition and use this tiny harddisk partition as /boot later on. What can you suggest ?
It would be great to hear from you, see you at 22c3 and greets, max
Use debootstrap with Kanotix
Jan Lübbe — Sat, 2005-12-31 09:38
You can use a live-cd like Kanotix (http://kanotix.com/) to install debian with debootstrap. Kanotix includes the needed tools (except cryptsetup-luks, which you can install when you boot with unionfs). Set up the partitions, crypt, lvm, mount, use debootstrap, chroot. Now you need to configure /etc/fstab, /etc/crypttab, /etc/network/interfaces and so on. Look at http://www.inittab.de/manuals/debootstrap.html for some hints (but use grub instead).