From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1RLfbx-0003b8-W9
	for mharc-grub-devel@gnu.org; Wed, 02 Nov 2011 14:32:29 -0400
Received: from eggs.gnu.org ([140.186.70.92]:49445)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <james.leddy@ubuntu.com>) id 1RLfbv-0003aK-Rf
	for grub-devel@gnu.org; Wed, 02 Nov 2011 14:32:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <james.leddy@ubuntu.com>) id 1RLfbu-00031z-2f
	for grub-devel@gnu.org; Wed, 02 Nov 2011 14:32:27 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:56429)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <james.leddy@ubuntu.com>) id 1RLfbt-00031u-Uc
	for grub-devel@gnu.org; Wed, 02 Nov 2011 14:32:26 -0400
Received: from [71.46.235.243] (helo=[10.155.39.108])
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
	(envelope-from <james.leddy@ubuntu.com>) id 1RLfbs-0003uf-8D
	for grub-devel@gnu.org; Wed, 02 Nov 2011 18:32:24 +0000
Message-ID: <4EB18C9B.7020407@ubuntu.com>
Date: Wed, 02 Nov 2011 14:31:55 -0400
From: "James M. Leddy" <james.leddy@ubuntu.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Re: luks testing and source deb pkg
References: <4EB0792D.6060701@canonical.com>
	<CACB1AetBp9qjqaMWL3fpYeX-XaO3gFMJCOmauBHQH1=3B0OKWw@mail.gmail.com>
In-Reply-To: <CACB1AetBp9qjqaMWL3fpYeX-XaO3gFMJCOmauBHQH1=3B0OKWw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 91.189.89.112
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 18:32:29 -0000

On 11/02/2011 01:59 PM, Lukas Anzinger wrote:
> Hi,
>
> I'm currently also trying to use to the luks code from trunk by using
> a modified Debian package and the latest source from the Bazaar
> repository.

Please let me know where I can find this tree so that I can test myself. 
Additionally, if you know if it should "just work" to just install the 
Debian version to Ubuntu, please let me know. I'm a recent convert from 
Fedora so a lot of this is new to me.

>
> However after entering the password, the grub menu doesn't show up and
> it states that the password is incorrect. I used 12345 which is
> obviously very hard to misspell repeatedly. I then tried to insert the
> master password from the LUKS partition directly into the source code
> and luckily succeeded with that! I'll post the snippet and my
> modifications to the package tomorrow if someone is interested. Since
> there is practically no information about this in the internet, I'll
> probably write a tutorial on how to do a full system encryption
> "TrueCrypt style" (i.e. with an encrypted /boot partition).

Expect one from me as well @ jmleddy.wordpress.com
>
> So my question is, James, how did you create your encrypted partition
> and what file system did you use?
>
> I always use "cryptsetup luksFormat /dev/sda1" (on Debian Sid) which
> uses aes-cbc-essiv as a default value AFAIK and ext3.

That's exactly what I did, except with ext4. The file system shouldn't 
matter in evaluating the password. From dmsetup table:

aes-cbc-essiv:sha256

> Could you also append your tared "debian" folder which generates the
> grub package(s)?

Sure thing when I have a little more time.

>
> Regards,
>
> Lukas
>
> On Tue, Nov 1, 2011 at 23:56, James M. Leddy<james.leddy@canonical.com>  wrote:
>> Hi,
>>
>> I've successfully tested the luks code in ubuntu using a modified grub2
>> package. You can test yourself if you're already using crypted root and
>> separate /boot by rsying the /boot dev to the root filesyste, removing the
>> /etc/fstab entry, and running:
>>
>> # GRUB_CRYPTODISK_ENABLE=y grub-install --debug --modules=configfile
>> --modules=gcry_sha1 --modules=gcry_sha256 --modules=fshelp
>> --modules=biosdisk --modules=part_msdos --modules=linux --modules=ext2
>> --modules=help --modules=minicmd --modules=crypto --modules=cryptodisk
>> --modules=gcry_rijndael --modules=luks /dev/sda
>> # GRUB_CRYPTODISK_ENABLE=y update-grub
>>
>>
>> The merged source is available here:
>>
>> https://code.launchpad.net/~jm-leddy/+junk/grub-luks
>>
>> just do a :
>>
>>    $ bzr branch lp:~jm-leddy/+junk/grub-luks
>>    $ cd grub-luks
>> $ bzr builddeb
>>
>> _______________________________________________
>> Grub-devel mailing list
>> Grub-devel@gnu.org
>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel