
Bug#381960: crypto installation report (dm-crypt)



Package: installation-reports

Boot method: businesscard ISO
Image version: 2006-08-07 build from
http://cdimage.debian.org/cdimage/daily-builds/sid_d-i/arch-latest/i386/iso-cd/debian-testing-i386-businesscard.iso

Machine: VMWare Player 1.0.1 build-19317
Memory: 128MB
Partitions:

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/sda1     ext3      918322    347392    521934  40% /
tmpfs        tmpfs       63580         0     63580   0% /dev/shm
/dev/mapper/crypt0
              ext3       44194      4133     37703  10% /home
/dev/mapper/crypt3
              ext3       89329      4135     80428   5% /usr/local
tmpfs        tmpfs       10240       100     10140   1% /dev

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    defaults,errors=remount-ro 0       1
/dev/mapper/crypt0 /home           ext3    defaults        0       2
/dev/mapper/crypt1 /opt            ext3    defaults        0       2
/dev/mapper/crypt3 /usr/local      ext3    defaults        0       2
/dev/mapper/crypt2 none            swap    sw              0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

/etc/crypttab:
crypt0 /dev/sda2 none luks
crypt1 /dev/sda3 none luks
crypt2 /dev/sda5 /dev/random cipher=twofish-cbc-essiv:sha256,size=256,swap
crypt3 /dev/sda6 none luks

cryptsetup status crypt{0,1,2,3}:
/dev/mapper/crypt0 is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/.static/dev/sda2
  offset:  2056 sectors
  size:    94334 sectors
  mode:    read/write
/dev/mapper/crypt1 is inactive.
/dev/mapper/crypt2 is active:
  cipher:  twofish-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/.static/dev/sda5
  offset:  0 sectors
  size:    192717 sectors
  mode:    read/write
/dev/mapper/crypt3 is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/.static/dev/sda6
  offset:  2056 sectors
  size:    190661 sectors
  mode:    read/write

/proc/swaps:
Filename				Type		Size	Used	Priority
/dev/mapper/crypt2                      partition	96348	0	-1

Initial boot worked:    [O]
Configure network HW:   [O]
Config network:         [O]
Detect CD:              [O]
Load installer modules: [O]
Detect hard drives:     [O]
Partition hard drives:  [O]
Create file systems:    [O]
Mount partitions:       [O]
Install base system:    [O]
Install boot loader:    [O]
Reboot:                 [O]

This install was focused on testing dm-crypt support in
partman-crypto. It was done in the German language.

Test (features):
  OK   /home       Passphrase (crypt0, aes-cbc-essiv:sha256, 256 bits)
  FAIL /opt        Passphrase (crypt1, serpent-cbc, 256 bits)
  OK   swap        Random key (crypt2, twofish-cbc-essiv:sha256, 256 bits)
  OK   /usr/local  Passphrase (crypt3, aes-cbc-essiv:sha256, 256 bits)

Test (sanity-checks):
  OK   weak passphrase
  OK   ext3 on random key
  OK   unencrypted swap before "Configure encrypted volumes"
  FAIL unencrypted swap added later on

Usability:

1. It was a little confusing that after I was asked to enter the
passphrases for sda2, sda3 and sda6, there was no apparent way to 
"connect" which of those partitions corresponded to which of the
encrypted volumes in the main partman menu. This might be related
to the German language setting: The mountpoint column showed part
of the string "Verschlüsseltes Volume (%s)" (translation for:
"Encrypted volume (%s)"), but the string was cut in the middle of
"Volume" IIRC, so that the part that includes the name of the
actual encrypted device was not visible.

Problems:

2. For the encrypted device crypt1 on /dev/sda3 I entered a
passphrase that included two umlauts. The first odd thing was that
the asterisk usually shown in the passphrase entry field was shown
differently: The asterisk appeared, but the cursor was not advanced
to the next character. I continued through the installation, but
found that entering the same passphrase during boot did not work. I
tried unsetting LANG, calling unicode_start/_stop before running
/etc/init.d/cryptdisks start once the system had booted, but none
of those combinations would accept the original passphrase
("äppelwöi"). This is a little surprising, because S05keymap.sh
runs earlier during boot than S26cryptdisks-early. 

The install was successful apart from the above issues.

cheers,
Max
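
Added example, not part of the original report: the troubleshooting in item 2 (unsetting LANG, unicode_start/_stop) targets console encoding, and this sketch shows why that matters for a passphrase such as "äppelwöi", since key derivation operates on bytes rather than characters. The report does not establish the cause of the failure; the four console variants, the salt, the iteration count and the single PBKDF2-SHA1 call standing in for key-slot processing are assumptions made for illustration.

```python
import hashlib
import unicodedata

# Constructed KDF parameters, for illustration only. A real LUKS header
# carries its own salt and iteration count, and key-slot processing involves
# more than this single PBKDF2 call.
SALT = b"constructed-salt"
ITERATIONS = 1000

# The passphrase quoted in the report, written with escapes so the source
# file itself does not depend on the editor's encoding.
REPORTED = "\u00e4ppelw\u00f6i"


def passphrase_variants(text):
    """Byte strings that different console setups could deliver for one typed text."""
    nfc = unicodedata.normalize("NFC", text)
    nfd = unicodedata.normalize("NFD", text)
    return {
        "utf-8, precomposed": nfc.encode("utf-8"),
        "utf-8, decomposed": nfd.encode("utf-8"),
        "iso-8859-1": nfc.encode("iso-8859-1", errors="replace"),
        "non-ASCII keys lost": nfc.encode("ascii", errors="ignore"),
    }


def derive_key(raw):
    """The KDF only ever sees bytes, never characters."""
    return hashlib.pbkdf2_hmac("sha1", raw, SALT, ITERATIONS, dklen=32)


def distinct_keys(text):
    """Number of different keys the variants of one passphrase produce."""
    return len({derive_key(raw) for raw in passphrase_variants(text).values()})


def report(text):
    """One line per variant: label, raw bytes in hex, start of the derived key."""
    return [
        f"{label:22} {raw.hex(' '):36} {derive_key(raw).hex()[:16]}"
        for label, raw in passphrase_variants(text).items()
    ]


if __name__ == "__main__":
    print("\n".join(report(REPORTED)))
    print("distinct keys:", distinct_keys(REPORTED), "vs ASCII-only:", distinct_keys("appelwoi"))
```

An ASCII-only passphrase yields the same bytes under every variant, which is why the other passphrase-protected volumes in a setup like this are unaffected by console encoding.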


