encrypted partitions with 10.1 autoyast?
Hi, I tried to use a profile from 9.3 in order to create an encrypted partition in 10.1 but it gave me a cryptic error (error code -3013, whatever that means) during installation and I ended up with an invalid partition table. Following is the piece from my profile: <partition> <crypt_fs config:type="boolean">true</crypt_fs> <crypt>twofish</crypt> <crypt_key>CRYPTOPASS</crypt_key> <filesystem config:type="symbol">xfs</filesystem> <format config:type="boolean">true</format> <loop_fs config:type="boolean">true</loop_fs> <mount>/home</mount> <partition_id config:type="integer">131</partition_id> <size>max</size> </partition> Do I have to do something different in 10.1? The online documentation doesn't mention encrypted partitions at all. Karsten.
On Monday 05 June 2006 22:46, Karsten Künne wrote:
I tried to use a profile from 9.3 in order to create an encrypted partition in 10.1 but it gave me a cryptic error (error code -3013, whatever that means) during installation and I ended up with an invalid partition table. Following is the piece from my profile:
<partition> <crypt_fs config:type="boolean">true</crypt_fs> <crypt>twofish</crypt> <crypt_key>CRYPTOPASS</crypt_key> <filesystem config:type="symbol">xfs</filesystem> <format config:type="boolean">true</format> <loop_fs config:type="boolean">true</loop_fs> <mount>/home</mount> <partition_id config:type="integer">131</partition_id> <size>max</size> </partition>
This works fine here: <partition> <crypt>twofish256</crypt> <crypt_key>abc12345678901234567890</crypt_key> <loop_fs config:type="boolean">true</loop_fs> <crypt_fs config:type="boolean">true</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <format config:type="boolean">true</format> <mount>/tmp</mount> <partition_id config:type="integer">131</partition_id> <size>1GB</size> <partition_type>primary</partition_type> </partition> I don't think <crypt>twofish</crypt> is a valid value in your profile. -- ciao, Uwe Gansert Uwe Gansert, Server Technologies Team SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg, Germany e-mail: uwe.gansert@suse.de, Tel: +49-(0)911-74053-0, Fax: +49-(0)911-74053-476, Web: http://www.suse.de
On Wednesday 07 June 2006 04:54, Uwe Gansert wrote:
On Monday 05 June 2006 22:46, Karsten Künne wrote:
I tried to use a profile from 9.3 in order to create an encrypted partition in 10.1 but it gave me a cryptic error (error code -3013, whatever that means) during installation and I ended up with an invalid partition table. Following is the piece from my profile:
<partition> <crypt_fs config:type="boolean">true</crypt_fs> <crypt>twofish</crypt> <crypt_key>CRYPTOPASS</crypt_key> <filesystem config:type="symbol">xfs</filesystem> <format config:type="boolean">true</format> <loop_fs config:type="boolean">true</loop_fs> <mount>/home</mount> <partition_id config:type="integer">131</partition_id> <size>max</size> </partition>
This works fine here: <partition> <crypt>twofish256</crypt> <crypt_key>abc12345678901234567890</crypt_key> <loop_fs config:type="boolean">true</loop_fs> <crypt_fs config:type="boolean">true</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <format config:type="boolean">true</format> <mount>/tmp</mount> <partition_id config:type="integer">131</partition_id> <size>1GB</size> <partition_type>primary</partition_type> </partition>
I don't think <crypt>twofish</crypt> is a valid value in your profile.
Yes, twofish256 works, but seems to require a 20-character passphrase. That's not gonna fly with our users. I know it's a bad thing to reduce that requirement but I'm gonna loose that battle with our users. But this is not autoyast-related so I don't want to discuss that here. If somebody knows how to configure a cryptfs in SUSE 10.1 with a shorter than 20 character passphrase I would appreciate that. Karsten. -- We are all agreed that your theory is crazy. The question which divides us is whether it is crazy enough to have a chance of being correct. My own feeling is that it is not crazy enough. -- Niels Bohr
participants (2)
-
Karsten Künne -
Uwe Gansert