[opensuse] OS 12.3 encrypted home asks 4 times for password at boot
Hello, I am still trying to install at least a half secure OS 12.3 on my Macbook Pro. I did a fresh install with /dev/sda3 /boot (ext2) /dev/sda4 / (reiser) /dev/sda5 /home (reiser, encrypted with the installer) /dev/sda5 /swap (swap, encrypted with the installer) Now at boot I am asked 4 times for the password for /home and two times for the password for swap. I rebooted several times, it's always the same. What I really wanted was a completely encrypted system as it was possible until 12.1 (all partitions encrypted, except /boot). As it is not possible anymore to have encrypted / (*), I decided to at least encrypt /home and /swap, although it bothers me very much, that /root, /temp, /var and so on are not encrypted and thus make my laptop very vulnerable. But entering the passphrase 6 times at every boot makes the system unusable to me. How can I resolve that? I want to enter the passphrase only once. Thanks for hints. Daniel (*) - boot.crypto was removed without giving an alternative. The page http://en.opensuse.org/SDB:Encrypted_filesystems enplanes how to "Manually creating new LUKS volumes", but above it says "In openSUSE 12.3 the boot.crypto scripts are no longer available as they were obsoleted by the systemd implementation." However there is no way to encrypt the / during install (it says "/ cannot be encrypted). - using a LVM is not possible in my case (on a Mac Powerbook) because I MUST prepare the partitions with the Max OSX Disk Utility, otherwise I cannot boot. But the installer doesn't let me use those partitions, just says that there is no space to create an LVM. I was googling intensively, but I have not found anything that could lead me to have a secure, encrypted OS 12.3 system. I have a lot of sensitive data and in case of theft I could be made responsible for damages. - unfortunately it is not possible to install 12.1 on the powerbook (it first recognizes the dvd, but then stops telling me that there is no bootable device. I checked the dvd on my other machine, it's fine...) -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Mar 28, 2013 at 3:05 PM, Daniel Bauer <linux@daniel-bauer.com> wrote:
- boot.crypto was removed without giving an alternative. The page http://en.opensuse.org/SDB:Encrypted_filesystems enplanes how to "Manually creating new LUKS volumes", but above it says "In openSUSE 12.3 the boot.crypto scripts are no longer available as they were obsoleted by the systemd implementation." However there is no way to encrypt the / during install (it says "/ cannot be encrypted).
Was it possible in previous versions? How boot.crypto can be related to whole root encryption? Root must be decrypted before any service can run.
- using a LVM is not possible in my case (on a Mac Powerbook) because I MUST prepare the partitions with the Max OSX Disk Utility, otherwise I cannot boot. But the installer doesn't let me use those partitions, just says that there is no space to create an LVM.
Did you try expert mode and manually create PV from partitions? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 28.03.2013 13:05, schrieb Andrey Borzenkov:
On Thu, Mar 28, 2013 at 3:05 PM, Daniel Bauer <linux@daniel-bauer.com> wrote:
- boot.crypto was removed without giving an alternative. The page http://en.opensuse.org/SDB:Encrypted_filesystems enplanes how to "Manually creating new LUKS volumes", but above it says "In openSUSE 12.3 the boot.crypto scripts are no longer available as they were obsoleted by the systemd implementation." However there is no way to encrypt the / during install (it says "/ cannot be encrypted).
Was it possible in previous versions?
Not during installation.
How boot.crypto can be related to whole root encryption? Root must be decrypted before any service can run.
In the link above it is explained. I used to install "normal" using the partition that later would become /home for the system root, then encrypted the partition that would become /, rsyncing the system to there and adjusting cryptotab, fstab etc... A bit time eating, but working perfectly.
- using a LVM is not possible in my case (on a Mac Powerbook) because I MUST prepare the partitions with the Max OSX Disk Utility, otherwise I cannot boot. But the installer doesn't let me use those partitions, just says that there is no space to create an LVM.
Did you try expert mode and manually create PV from partitions?
I tried using the partitioner of the installer but it does not offer to create a LVM volume group, just "normal" partitions. -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Daniel Bauer <linux@daniel-bauer.com> [03-28-13 09:00]:
Am 28.03.2013 13:05, schrieb Andrey Borzenkov: [...]
Did you try expert mode and manually create PV from partitions?
I tried using the partitioner of the installer but it does not offer to create a LVM volume group, just "normal" partitions.
Odd? All of the 12.3 installs I have made to date offer lvm which I *do* choose. Perhaps you should take another look at the install. I am not concerned with encrypting my systems and cannot comment on availability as I have not noticed that option, maybe due to dis-interest. -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LNX.2.00.1303291203511.21805@Telcontar.valinor> On Thursday, 2013-03-28 at 10:06 -0400, Patrick Shanahan wrote:
* Daniel Bauer <linux@daniel-bauer.com> [03-28-13 09:00]:
I tried using the partitioner of the installer but it does not offer to create a LVM volume group, just "normal" partitions.
Odd? All of the 12.3 installs I have made to date offer lvm which I *do* choose. Perhaps you should take another look at the install. I am not concerned with encrypting my systems and cannot comment on availability as I have not noticed that option, maybe due to dis-interest.
Notice that he is using a " Macbook Pro" and encryption. Both things make for important differences. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlFVdVoACgkQtTMYHG2NR9WcKACfe6dlC9chQyOWX3docPovoTPj KKwAnR+qHHoEoWtNg/34gYfXk9baTIiq =Dj1c -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Mar 28, 2013 at 3:05 PM, Daniel Bauer <linux@daniel-bauer.com> wrote:
" However there is no way to encrypt the / during install (it says "/ cannot be encrypted).
I briefly tested it an I think keyword here is "use nonloopbacked filesystem". Does using encryption really requires loop mount? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 28.03.2013 13:19, schrieb Andrey Borzenkov:
On Thu, Mar 28, 2013 at 3:05 PM, Daniel Bauer <linux@daniel-bauer.com> wrote:
" However there is no way to encrypt the / during install (it says "/ cannot be encrypted).
I briefly tested it an I think keyword here is "use nonloopbacked filesystem". Does using encryption really requires loop mount?
In fact I don't know. I found a Howto years ago on howto encrypt a whole system and adapted it to my needs. The approach is as described in my other reply.... Daniel -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Finally the problem is solved, details are here: https://forums.opensuse.org/english/get-technical-help-here/install-boot-log... Happy Eastern! Daniel Am 28.03.2013 12:05, schrieb Daniel Bauer:
Hello,
I am still trying to install at least a half secure OS 12.3 on my Macbook Pro.
I did a fresh install with /dev/sda3 /boot (ext2) /dev/sda4 / (reiser) /dev/sda5 /home (reiser, encrypted with the installer) /dev/sda5 /swap (swap, encrypted with the installer)
Now at boot I am asked 4 times for the password for /home and two times for the password for swap.
I rebooted several times, it's always the same.
What I really wanted was a completely encrypted system as it was possible until 12.1 (all partitions encrypted, except /boot).
As it is not possible anymore to have encrypted / (*), I decided to at least encrypt /home and /swap, although it bothers me very much, that /root, /temp, /var and so on are not encrypted and thus make my laptop very vulnerable.
But entering the passphrase 6 times at every boot makes the system unusable to me.
How can I resolve that? I want to enter the passphrase only once.
Thanks for hints.
Daniel
(*) - boot.crypto was removed without giving an alternative. The page http://en.opensuse.org/SDB:Encrypted_filesystems enplanes how to "Manually creating new LUKS volumes", but above it says "In openSUSE 12.3 the boot.crypto scripts are no longer available as they were obsoleted by the systemd implementation." However there is no way to encrypt the / during install (it says "/ cannot be encrypted).
- using a LVM is not possible in my case (on a Mac Powerbook) because I MUST prepare the partitions with the Max OSX Disk Utility, otherwise I cannot boot. But the installer doesn't let me use those partitions, just says that there is no space to create an LVM.
I was googling intensively, but I have not found anything that could lead me to have a secure, encrypted OS 12.3 system. I have a lot of sensitive data and in case of theft I could be made responsible for damages.
- unfortunately it is not possible to install 12.1 on the powerbook (it first recognizes the dvd, but then stops telling me that there is no bootable device. I checked the dvd on my other machine, it's fine...)
-- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Andrey Borzenkov -
Carlos E. R. -
Daniel Bauer -
Patrick Shanahan