Re: luks testing and source deb pkg

From: "James M. Leddy" <james.leddy@ubuntu.com>
To: grub-devel@gnu.org
Subject: Re: luks testing and source deb pkg
Date: Wed, 02 Nov 2011 14:31:55 -0400	[thread overview]
Message-ID: <4EB18C9B.7020407@ubuntu.com> (raw)
In-Reply-To: <CACB1AetBp9qjqaMWL3fpYeX-XaO3gFMJCOmauBHQH1=3B0OKWw@mail.gmail.com>

On 11/02/2011 01:59 PM, Lukas Anzinger wrote:
> Hi,
>
> I'm currently also trying to use to the luks code from trunk by using
> a modified Debian package and the latest source from the Bazaar
> repository.

Please let me know where I can find this tree so that I can test myself. 
Additionally, if you know if it should "just work" to just install the 
Debian version to Ubuntu, please let me know. I'm a recent convert from 
Fedora so a lot of this is new to me.

>
> However after entering the password, the grub menu doesn't show up and
> it states that the password is incorrect. I used 12345 which is
> obviously very hard to misspell repeatedly. I then tried to insert the
> master password from the LUKS partition directly into the source code
> and luckily succeeded with that! I'll post the snippet and my
> modifications to the package tomorrow if someone is interested. Since
> there is practically no information about this in the internet, I'll
> probably write a tutorial on how to do a full system encryption
> "TrueCrypt style" (i.e. with an encrypted /boot partition).

Expect one from me as well @ jmleddy.wordpress.com
>
> So my question is, James, how did you create your encrypted partition
> and what file system did you use?
>
> I always use "cryptsetup luksFormat /dev/sda1" (on Debian Sid) which
> uses aes-cbc-essiv as a default value AFAIK and ext3.

That's exactly what I did, except with ext4. The file system shouldn't 
matter in evaluating the password. From dmsetup table:

aes-cbc-essiv:sha256

> Could you also append your tared "debian" folder which generates the
> grub package(s)?

Sure thing when I have a little more time.

>
> Regards,
>
> Lukas
>
> On Tue, Nov 1, 2011 at 23:56, James M. Leddy<james.leddy@canonical.com>  wrote:
>> Hi,
>>
>> I've successfully tested the luks code in ubuntu using a modified grub2
>> package. You can test yourself if you're already using crypted root and
>> separate /boot by rsying the /boot dev to the root filesyste, removing the
>> /etc/fstab entry, and running:
>>
>> # GRUB_CRYPTODISK_ENABLE=y grub-install --debug --modules=configfile
>> --modules=gcry_sha1 --modules=gcry_sha256 --modules=fshelp
>> --modules=biosdisk --modules=part_msdos --modules=linux --modules=ext2
>> --modules=help --modules=minicmd --modules=crypto --modules=cryptodisk
>> --modules=gcry_rijndael --modules=luks /dev/sda
>> # GRUB_CRYPTODISK_ENABLE=y update-grub
>>
>>
>> The merged source is available here:
>>
>> https://code.launchpad.net/~jm-leddy/+junk/grub-luks
>>
>> just do a :
>>
>>    $ bzr branch lp:~jm-leddy/+junk/grub-luks
>>    $ cd grub-luks
>> $ bzr builddeb
>>
>> _______________________________________________
>> Grub-devel mailing list
>> Grub-devel@gnu.org
>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel