2015-12-06 16:57 GMT-03:00 Bruno Friedmann <bruno@ioda-net.ch>:
On Sunday 06 December 2015 19.49:12 Andrei Borzenkov wrote:
06.12.2015 18:09, Bruno Friedmann пишет:
On Sunday 06 December 2015 17.23:58 Andrei Borzenkov wrote:
06.12.2015 16:14, Richard Brown пишет:
I've been told this by SUSE's Senior Architect for SLES, who knows more about this stuff in his little finger than anyone else I know, so if he says that you require GPT in order to do do (non-LVM) btrfs with Encryption, then I absolutely trust what he says to be true.
I just installed TW with a single encrypted partition containing single / on btrfs on MSDOS partition table. I am asked by GRUB to provide passphrase to be able to boot at all, and I am able to select read-only snapshots and boot from them. I used YaST for it.
What am I doing wrong?
P.S. I thought it was technical list, where people are expected to provide technical arguments, not refer to His Highness Senior Architect.
P.P.S. The word "SUSE" probably means that all bets for me are off and I am wrong by definition because I do not belong to "SUSE".
Okay so finally (except the Pandora b branch on this thread) we move forward.
If GPT is mandatory, I don't care that much, any new computer will need GPT for UEFI anyway.
Richard Thanks for the point about the grub+init, I've forgot those, I was sure we can have a root=subvol@id to point to a ro snapshot. but yes if grub itself is broken by an update (I wonder how it can happen right ? :-)
Actually GRUB itself is exempted from snapshots; which is the exact reason for /boot/grub/i386-pc and /boot/grub/x86_64-efi volumes (as we learned recently we do have 64 bit systems with 32 bit firmware so i386-efi is missing). What is snapshotted is grub.cfg.
and the rest of /boot I guess otherwise kernel and initrd are simply lost no ?
I will try to get this kind of setup on a vm before making it real on my future lappy.
The challenge is to be able to check "Encrypt partition". It appears completely random whether checkbox is active or not and I cannot see any pattern when YaST allows it.
Oh, and you must use LVM, YaST won't allow filesystem on encrypted partition directly (or better it won't ever allow checking Encrypt when usage is filesystem).
If I have to use LVM + luks then I stick with ext4 this work nicely from more than 6 years now ... With some trick snapshots is available ...
I've read that it could be possible to prepare the disk so no big yast involvement. But at term, the idea is to make it work. so by default for roaming user with sensitive data we have something ready to use.
ps : Please respond only to the mailing list. no need to have a second copy ;-) I don't care about if this possible or not for gmail ...
--
I got similar problems with Opensuse 13.2 on the SDB1 HD partition, and Leap 42.1 on the SDA1 HD partition, using the same home on the sdb2 partition. I used a dirty trickOpensuse 13.2 to resolve this: Running Leap 42.1 on the sda1, I mounted the sdb1 on /mnt, and copied the principal section of Opensuse 13.2 from the file /boot/grub/grub.cfg (sdb1 hd) inside the file /etc/grub.d/40_custom (sda1 hd) Then the last file look like this: #!/bin/sh exec tail -n +3 $0 # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. Opensuse 13.2 menuentry 'openSUSE 13.2' --class opensuse --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-d829a0d3-2166-4a6c-8836-0cba393b74a1' { load_video set gfxpayload=keep insmod gzio insmod part_msdos insmod btrfs set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1 --hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1 --hint='hd0,msdos1' d829a0d3-2166-4a6c-8836-0cba393b74a1 else search --no-floppy --fs-uuid --set=root d829a0d3-2166-4a6c-8836-0cba393b74a1 fi echo 'Cargando Linux 3.16.7-29-desktop...' linux /boot/vmlinuz-3.16.7-29-desktop root=UUID=d829a0d3-2166-4a6c-8836-0cba393b74a1 ${extra_cmdline} resume=/dev/disk/by-uuid/b72cc926-db3a-427b-8aad-bdc1e812bb6b splash=silent quiet showopts echo 'Cargando imagen de memoria inicial...' initrd /boot/initrd-3.16.7-29-desktop } After this file edit, I executed: "grub2-mkconfig -o /boot/grub2/grub.cfg" This trick works ok, but has the problem if I upgrade the kernel on opensuse 13.2, it will no work, until I make this trick again. Regards, Juan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org