[opensuse] Not posible to completely encrypt an OS3 system anymore?
Hello, I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines. But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S*** So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results). So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions. But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot). So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me? Any hints are more than welcome... Daniel -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 27/03/13 15:00, Daniel Bauer escribió:
Hello,
I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines.
what is OS3 ? do you mean OS 12.3 ?
But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S***
Correct, boot.crypt was part of sysvinit booting, which is gone.
So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results).
OK, this is the part that matters, information is missing,..,
So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions.
But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot).
So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me?
Any hints are more than welcome...
Yes, it is possible.. but you need a separate /boot .. I dont know exactly what you did so cannot help further until you describe step by step what you did and what was the exact result. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 27.03.2013 19:19, schrieb Cristian Rodríguez:
El 27/03/13 15:00, Daniel Bauer escribió:
Hello,
I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines.
what is OS3 ? do you mean OS 12.3 ?
Yes, Opensuse 12.3. Sorry for typo...
But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S***
Correct, boot.crypt was part of sysvinit booting, which is gone.
So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results).
OK, this is the part that matters, information is missing,..,
So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions.
But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot).
So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me?
Any hints are more than welcome...
Yes, it is possible.. but you need a separate /boot .. I dont know exactly what you did so cannot help further until you describe step by step what you did and what was the exact result.
Meanwhile I destroyed the system and have to set it up again... My install was according to my old approach: /dev/sda3 /boot /dev/sda5 /home (20 GB) /dev/sda6 / (350 GB) /dev/sda7 swap (the "funny" order is because I first had to make the partions in MaxOSX and then reformat in OS, otherwise dualboot wouldn't work) I then encrypted /home using Yast, rsync-ed / to /home and edited the fstab and crypttab on that copy, so that sda5 would become / and sda6 /home. I run mkinitrd, but I did not find out where to change the grub2 entries... As was foreseeable, I could not boot anymore. I was asked several times for the passphrase but it could not decrypt, I guess due to my changes. Now, I am going to make a new clean install, but fist wait, if somebody can lead me to a howto, so that in the end I have a fully encrypted system (except /boot partition). So, if there is a possibility,please let me know, how... Thanks Daniel -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello Dne St 27. března 2013 15:19:09, Cristian Rodríguez napsal(a):
El 27/03/13 15:00, Daniel Bauer escribió:
Hello,
I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines.
what is OS3 ? do you mean OS 12.3 ?
But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S***
Correct, boot.crypt was part of sysvinit booting, which is gone.
So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results).
OK, this is the part that matters, information is missing,..,
So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions.
But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot).
So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me?
Any hints are more than welcome...
Yes, it is possible.. but you need a separate /boot .. I dont know exactly what you did so cannot help further until you describe step by step what you did and what was the exact result.
I have encrypted notebook with /boot (sda1) on separate partition. Rest of the disc is covered by encrypted LVM containing / (sda2) and swap (sda3). I suppose it is safe to upgrade such configuration and I can create it during installation of openSUSE 12.3. It works very well. The only problem is I didn't figure out how to mount it when booting from live CD... ;-) All the best, Vojtěch -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux http://www.opensuse.org/ http://trapa.cz/
Am 27.03.2013 21:09, schrieb Vojtěch Zeisek:
Hello
Dne St 27. března 2013 15:19:09, Cristian Rodríguez napsal(a):
El 27/03/13 15:00, Daniel Bauer escribió:
Hello,
I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines.
what is OS3 ? do you mean OS 12.3 ?
But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S***
Correct, boot.crypt was part of sysvinit booting, which is gone.
So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results).
OK, this is the part that matters, information is missing,..,
So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions.
But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot).
So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me?
Any hints are more than welcome...
Yes, it is possible.. but you need a separate /boot .. I dont know exactly what you did so cannot help further until you describe step by step what you did and what was the exact result.
I have encrypted notebook with /boot (sda1) on separate partition. Rest of the disc is covered by encrypted LVM containing / (sda2) and swap (sda3). I suppose it is safe to upgrade such configuration and I can create it during installation of openSUSE 12.3. It works very well. The only problem is I didn't figure out how to mount it when booting from live CD... ;-) All the best, Vojtěch
In my desperation I tried to install a LVM system. But OS lets me hang... As said before, this is a MacBook. Here I must make the partitions in OSX (and then reformat them later) or it will not be possible to boot. SO in OSX I made a boot partition (of 1 GB, because apple thinks, this is the minimum...) and a large rest to take the LVM. But the OS installer then says that there is no room. When I use the manual partinioner of the installer, there is no option to choose LVM... Ok, I went back to OSX, deleted these two partitions to leave room, although I guess I would get other problemas later... However, when selecting LVM in the OS installer, it wants to use Mac's EFI boot partition as /boot. I guess this is too risky, because it's used by the Mac OS. There is NO way to make a separate boot partition AND a tell the installer where to put the LVM container... at least none that I have seen. Is there really NO way to make a fully encrypted system with OpenSuse 12.3 anymore without using LVM? Any ideas? Daniel -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Finally the problem is solved, details are here: https://forums.opensuse.org/english/get-technical-help-here/install-boot-log... Happy Eastern! Daniel Am 27.03.2013 19:00, schrieb Daniel Bauer:
Hello,
I just installed OS3 on a Macbook and, of course, I wanted to encrypt it as I have done it with all my machines.
But ooh: there's no boot.crypt anymore and my many times used approach does not work anymore. S***
So I went to Yast (after swapoff --all and making sure the swap dev was not mounted) and told it to format the swap partition with encryption. It asked me for the passphrase but then ended up in some errors (sorry, forgot the numbers, googling did nod give any results).
So, ok, I thought, maybe I do it with a fresh install and directly encrypt the partitions.
But ooo, again: when telling to encrypt / it says: it is not possible to have / encrypted (although I have a separate, not encrypted /boot).
So, is it true, that is is not possible to have a somehow safe computer with Opensuse anymore?? For me encrypting only the home partition doesn't make any sense when there is a freely readable swap and /. Or did the installer just have a bad moment and made a joke on me?
Any hints are more than welcome...
Daniel
-- Daniel Bauer photographer Basel Barcelona professional photography: http://www.daniel-bauer.com google+: https://plus.google.com/109534388657020287386 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Cristian Rodríguez -
Daniel Bauer -
Vojtěch Zeisek