DM-Crypt Archive on lore.kernel.org
From: Quentin Lefebvre <alto.spam@laposte.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.
Date: Mon, 31 Oct 2011 09:47:40 +0100
Message-ID: <4EAE60AC.4010001@laposte.net>
In-Reply-To: <CAP8O3oNnSWO2q5-97XkcpxE-FK7nyyTF1YSSWCf+F+crpr2pEw@mail.gmail.com>

On 31/10/2011 01:30, Aleksander Swirski wrote:
> I'm pretty sure this warning is only displayed when someone decides to
> create new crypto on some partition or fill encrypted device with random
> data in the next step after setting the password. but just setting the
> password on an existing device makes data unusable without warning. when
> the partitioning is finished there is a list of partitions that will be
> wiped out, and also, during my installation crypto-device and /home inside
> LVM was not listed there, but already lost few clicks earlier.
> 
> i understand that it wasn't taken into consideration that someone can
> attach existing encrypted device, but only that a new one will be created.
> this is inconsistent with how it goes with unencrypted partitions, where
> you can reattach them without formatting and keep your data. so i guess
> with encrypted partition this should also work that way. or maybe i miss
> the point? i will try to make the whole scenario clear, and then send my
> proposition, to debian-boot@lists.debian.org

Hi,

Indeed, it seems that improvements can be made for the Debian installer
to better handle crypto disks and partitions. With the little experience
I have about using encrypted partitions with LUKS/cryptsetup under/over
LVM, I would not have tried to attach an existing encrypted device
through the installer menu, as I know pretty well that few scenarios are
handled at this point.
Hopelessly, what you had to do in your case was to switch to a console
to make changes by hand or, if you could, wait for the reboot of your
fresh install to edit the system files and mount old volumes this way.

I agree on the point you mention, i.e. encryption could be better
integrated in the installer so that assisted mounting of old encrypted
partitions becomes possible.
In my particular case, it would be *very* valuable that other encryption
schemes get integrated in the Linux kernel / initrd used by the Debian
installer, because the latter cannot either create or mount my encrypted
partitions (which need the 'xts' module). At least not with additional
work... Installing my system is really complicated by this limitation,
as I have to:

 1) (*before* launching the installer) find the appropriate kernel
modules and put them on a USB key (I sometimes installed a useless
system just for that)
 2) (during the installation process) manually partition the disks in a
console, with the necessary step of loading the modules I use
 3) (at the end of the installation process, *before* reboot) 'chroot
/target' to
    a) edit the /etc/crypttab file and add my encrypted devices
    b) edit the /etc/initramfs-tools/modules and add the appropriate modules
    c) *run* 'mkinitramfs -k all -u -v'
    d) check grub and fstab config (no longer necessary?)
    e) exit
Only after these operations, I can safely switch back to the installer
and reboot the system, with the hope my root filesystem will be
correctly opened.

I would be happy to help Debian developers regarding this kind of
install, but I have always delayed the moment I contact them. If you are
planning to do so, I would be interested to be included in the
discussion and give my feedback too.

Best,
Quentin
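
Step 3 of the procedure in this message, written as idempotent shell helpers with a check that runs before the initramfs is rebuilt. This is an added example, not part of the original message: the function names are hypothetical, and rebuilding with Debian's `update-initramfs -u -k all` is an assumption of the example.

```shell
#!/bin/sh
# Added example. ROOT is the mounted target system (/target in the installer).

# True if FILE has a line whose first field is VALUE (comment lines never match).
has_entry() {  # file value
    [ -f "$1" ] && awk -v v="$2" '$1 == v { f = 1 } END { exit !f }' "$1"
}

# Step 3a: add "NAME SOURCE KEYFILE OPTIONS" to crypttab unless NAME is present.
add_crypttab_entry() {  # root name source [keyfile] [options]
    tab="$1/etc/crypttab"
    mkdir -p "$1/etc"
    has_entry "$tab" "$2" && return 0
    printf '%s %s %s %s\n' "$2" "$3" "${4:-none}" "${5:-luks}" >> "$tab"
}

# Step 3b: list a module for inclusion in the initramfs unless already listed.
add_initramfs_module() {  # root module
    mods="$1/etc/initramfs-tools/modules"
    mkdir -p "$1/etc/initramfs-tools"
    has_entry "$mods" "$2" || printf '%s\n' "$2" >> "$mods"
}

# Before step 3c: print each problem found; return non-zero if there is any.
check_target() {  # root mapping module...
    root=$1 map=$2 rc=0
    shift 2
    has_entry "$root/etc/crypttab" "$map" ||
        { echo "no crypttab entry: $map"; rc=1; }
    for m in "$@"; do
        has_entry "$root/etc/initramfs-tools/modules" "$m" ||
            { echo "module not listed: $m"; rc=1; }
    done
    return $rc
}

# Step 3c: rebuild every installed kernel's initramfs, only if the check passes.
rebuild_initramfs() {  # root mapping module...
    check_target "$@" && chroot "$1" update-initramfs -u -k all
}
```

Because the helpers take the target root as their first argument, they can be exercised against a scratch directory before being pointed at `/target`.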
