Volker Kuhlmann wrote:
> On Sun 29 Apr 2007 09:11:12 NZST +1200, Jochen Hayek wrote:
>> May I suggest a change to /etc/init.d/boot.crypto ?
>
> Thanks for that, I second your suggestions. A few days ago I had a play with an encrypted removable disk. My comments:
> 1) The only way to create such a disk, on a removable memory gimmick which are of plentiful supply and very popular, is to go into yast disk partitioner and to click a few dire warnings "this is only for advanced..." out of the way, and going all the way with "custom". Actually same issue with non-encrypted removable storage. Something more user-friendly would be a good idea for 10.4.
> 2) The only functional fstab entry I found is:
> /dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1 /media/portable2 ext3 loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0
> For the reasons Jochen explained, reference by sdXN is useless. The yast fstab editor (disk partitioner) is unable to create such an entry, because as soon as "encrypt filesystem" is clicked, the button to enter the 4 advanced options disappears from the screen. Of those 4 options (of referencing the partition), only by-ID can work. So the other 3 (by UUID, etc) should be greyed out or disappear, but by-ID must stay, in fact it should be default.
That's unrelated to boot.crypto. Please consider filing a bug for YaST.
> 3) The system (tested 10.2) fails to load the cryptoloop module. This must be loaded manually by root first, or the filesystem can never be mounted. One could add it to MODULES_LOADED_ON_BOOT. boot.crypto loads it but *only* if a fixed disk with encrypted fs is also in the system.
10.3 boot.crypto will not use cryptoloop so that problem should be obsolete.
> 4) Optical problem only: If /etc/cryptotab exists, boot.crypto switches to text console, finds it doesn't have to do anything because I commented out the lines but don't want to delete them as it has the info I need for fstab, or because the disk is currently not plugged in, then switches back to graphics boot screen.
Please file a bug and assign it to me.
> 5) The removable disk must be mountable by $user, as the other movable storage things.
> 6) There's no desktop auto-popup asking for the fs crypto password.
hal supports both for LUKS volumes at the backend side of things. KDE/GNOME need to implement the UI. On the command line you can mount such volumes with the halmount script (in a still slightly inconvenient way though).

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE Labs
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
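An added example, not part of the original thread and not SUSE code: a small Python check for the fstab points raised in comments 2 and 5 above, flagging encrypted entries that are referenced by a kernel name such as sdXN or by anything other than by-id, and entries that lack the `user` option. The sample fstab is constructed around the entry quoted in the thread; the function names and finding labels are assumptions.

```python
import re

# Constructed sample. The first entry is the one quoted in the thread;
# the remaining lines are made up for illustration.
SAMPLE_FSTAB = """\
# constructed sample fstab
/dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1 /media/portable2 ext3 loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0
/dev/sdb1 /media/portable3 ext3 loop,encryption=twofish256,user,noauto 0 0
UUID=0000-constructed /media/portable4 ext3 loop,encryption=twofish256,user,noauto 0 0
/dev/disk/by-id/usb-constructed-part1 /media/portable5 ext3 loop,encryption=twofish256,noauto 0 0
/dev/sda2 / ext3 acl,user_xattr 1 1
"""

# Kernel-assigned names (sdXN, hdXN) depend on plug-in order.
KERNEL_NAME = re.compile(r"^/dev/(sd|hd)[a-z]+\d*$")


def parse_fstab(text):
    """Yield (device, mountpoint, options) for each non-comment fstab line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 4:
            yield fields[0], fields[1], fields[3].split(",")


def audit_encrypted_entries(text):
    """Map each encrypted mountpoint to a list of finding labels (hypothetical names)."""
    findings = {}
    for device, mountpoint, options in parse_fstab(text):
        if not any(opt.startswith("encryption=") for opt in options):
            continue  # only entries using the loop encryption= option are audited
        issues = []
        if KERNEL_NAME.match(device):
            issues.append("kernel-name")         # "reference by sdXN is useless"
        elif not device.startswith("/dev/disk/by-id/"):
            issues.append("not-by-id")           # thread: "only by-ID can work"
        if "user" not in options and "users" not in options:
            issues.append("not-user-mountable")  # comment 5 in the thread
        findings[mountpoint] = issues
    return findings


if __name__ == "__main__":
    for mountpoint, issues in audit_encrypted_entries(SAMPLE_FSTAB).items():
        print(mountpoint, ", ".join(issues) or "ok")
```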