[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#381887: crypto installation report (loop-AES)

Package: installation-reports

Boot method: businesscard ISO
Image version: 2006-08-07 build from

Machine: VMWare Player 1.0.1 build-19317
Memory: 128MB

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/sda1     ext3      918322    276393    592933  32% /
tmpfs        tmpfs       63580         0     63580   0% /dev/shm
/dev/sda5     ext3       90297      4133     81347   5% /home
/dev/sda2     ext3       46665      4880     39376  12% /tmp
tmpfs        tmpfs       10240       100     10140   1% /dev

# /etc/fstab: static file system information.
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    defaults,errors=remount-ro 0       1
/dev/sda5       /home           ext3    defaults,loop=/dev/loop1,encryption=AES256,gpgkey=/etc/loopkeys/_dev_sda5.gpg 0       0
/dev/sda2       /tmp            ext3    defaults,loop=/dev/loop0,encryption=AES256,phash=random/1777 0       0
/dev/sda6       none            swap    sw,loop=/dev/loop2,encryption=serpent128 0       0
/dev/sda7       none            swap    sw,loop=/dev/loop3,encryption=twofish192 0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

losetup -a:
/dev/loop/0: [000c]:4458 (/dev/sda2) encryption=AES256 multi-key-v3
/dev/loop1: [000c]:4444 (/dev/sda5) encryption=AES256 multi-key-v3
/dev/loop2: [000c]:4434 (/dev/sda6) offset=4096 encryption=serpent128 multi-key-v3
/dev/loop3: [000c]:4462 (/dev/sda7) offset=4096 encryption=twofish192 multi-key-v3

Filename				Type		Size	Used	Priority
/dev/loop2                              partition	96344	0	-1
/dev/loop3                              partition	96344	0	-2

Initial boot worked:    [O]
Configure network HW:   [O]
Config network:         [O]
Detect CD:              [O]
Load installer modules: [O]
Detect hard drives:     [O]
Partition hard drives:  [O]
Create file systems:    [O]
Mount partitions:       [O]
Install base system:    [O]
Install boot loader:    [O]
Reboot:                 [O]

This install was focused on testing loop-AES support in

Test (features):
  OK   /home - GnuPG Keyfile
  OK   /tmp - random key
  OK   swap - random key
  OK   swap - random key

Test (sanity-checks):
  OK   on loop-AES: / 
  OK   on loop-AES: /boot
  OK   weak passphrase
  OK   ext3 on random key
  OK   unencrypted swap before "Configure encrypted volumes"
  FAIL unencrypted swap added later on


1. The entropy plugin required me to type randomly for 
about six minutes while it generated the key. This is quite long
and tiresome. While it only needs to be done at install time and
only once for each partition, something should be done to make
this require less direct input by the user. (Bug#381875)

2. To test the sanity checks I configured an encrypted volume 
with random key to hold /opt on ext3. The check worked correctly
and warned about this setup. I went back, changed the encrypted
volume to hold swap and chose "Finish partitioning" again, but the
warning still triggered although it was now configured with
method=swap. (bug documented in partman-crypto/BUGS)

Important problems:

3. Nothing in partman-crypto prevented me from setting up 
an unencrypted swap space AFTER encrypted volumes had been setup.
The installation continued without warning and the installed
system booted with encrypted loops and unencrypted swap. This
is quite bad but IMO doesn't make it unsuitable for beta3 as 
this is quite a corner case and we explicitly warn about
unsuitability for production use. (Bug#381870)


Reply to: