Volker Kuhlmann wrote:
On Sun 29 Apr 2007 09:11:12 NZST +1200, Jochen Hayek
May I suggest a change to /etc/init.d/boot.crypto
Thanks for that, I second your suggestions. A few days ago I had a play
with an encrypted removable disk. My comments:
1) The only way to create such a disk, on a removable memory gimmick
which are of plentiful supply and very popular, is to go into yast disk
partitioner and to click a few dire warnings "this is only for
advanced..." out of the way, and going all the way with "custom".
Actually same issue with non-encrypted removable storage. Something more
user-friendly would be a good idea for 10.4.
2) The only functional fstab entry I found is:
/dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1 /media/portable2 ext3 loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0
For the reasons Jochen explained, reference by sdXN is useless. The yast
fstab editor (disk partitioner) is unable to create such an entry,
because as soon as "encrypt filesystem" is clicked, the button to enter
the 4 advanced options disappears from the screen. Of those 4 options
(of referencing the partition), only by-ID can work. So the other 3 (by
UUID, etc) should be greyed out or disappear, but by-ID must stay, in
fact it should be default.
That's unrelated to boot.crypto. Please consider filing a bug for YaST.
3) The system (tested 10.2) fails to load the cryptoloop module. This
must be loaded manually by root first, or the filesystem can never be
mounted. One could add it to MODULES_LOADED_ON_BOOT. boot.crypto loads
it but *only* if a fixed disk with encrypted fs is also in the system.
10.3 boot.crypto will not use cryptoloop so that problem should be obsolete.
4) Optical problem only: If /etc/cryptotab exists,
to text console, finds it doesn't have to do anything because I
commented out the lines but don't want to delete them as it has the info
I need for fstab, or because the disk is currently not plugged in, then
switches back to graphics boot screen.
Please file a bug and assign it to me.
5) The removable disk must be mountable by $user, as the other movable
6) There's no desktop auto-popup asking for the fs crypto password.
hal supports both for LUKS volumes at the backend side of things.
KDE/GNOME need to implement the UI. On the command line you can
mount such volumes with the halmount script (in a still slightly
inconvenient way though).
(o_ Ludwig Nussel
//\ SUSE Labs
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
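
The checks implied by points 2 and 3 above, as an added example that is not part of the original thread or of boot.crypto: a shell function that flags cryptoloop-style fstab entries (those with an encryption= option) not referenced through /dev/disk/by-id, and reports when such entries exist but cryptoloop is not listed as loaded. The function name, the finding labels and the sample device names are assumptions made for illustration; a cryptoloop built into the kernel would not appear in /proc/modules.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are hypothetical.
#
# audit_crypto_fstab FSTAB [MODULES]
#   FSTAB   - fstab-format file to check
#   MODULES - /proc/modules-format file (default: /proc/modules)
# Prints one finding per line; prints nothing when no problem is found.
audit_crypto_fstab() {
    fstab=$1
    modules=${2:-/proc/modules}
    uses_cryptoloop=0
    while read -r dev mnt _fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case ",$opts," in
            *,encryption=*) ;;                     # encrypted loop mount
            *) continue ;;
        esac
        uses_cryptoloop=1
        case "$dev" in
            /dev/disk/by-id/*) ;;                  # stable across replugging
            *) echo "UNSTABLE_DEVICE $mnt $dev" ;; # sdXN, by-uuid, by-label, ...
        esac
    done < "$fstab"
    # Point 3: the module has to be loaded before a user can mount the disk.
    if [ "$uses_cryptoloop" -eq 1 ] &&
       ! grep -q '^cryptoloop ' "$modules" 2>/dev/null; then
        echo "MODULE_NOT_LOADED cryptoloop"
    fi
}

# Constructed sample input (device names and serials are made up).
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
/dev/disk/by-id/usb-EXAMPLE_DISK_0001-part1 /media/portable2 ext3 loop,encryption=twofish256,user,nosuid,nodev,noexec,noauto 0 0
/dev/sdb1 /media/stick ext3 loop,encryption=twofish256,user,noauto 0 0
#/dev/sdc1 /media/old ext3 loop,encryption=twofish256,noauto 0 0
/dev/sda2 / ext3 acl,user_xattr 1 1
EOF
printf 'usbcore 100000 3 - Live 0x0\n' > "$tmp/modules"   # cryptoloop absent
audit_crypto_fstab "$tmp/fstab" "$tmp/modules"
rm -rf "$tmp"
```

On a live system, run it as `audit_crypto_fstab /etc/fstab`.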