Bug#381960: crypto installation report (dm-crypt)
Package: installation-reports
Boot method: businesscard ISO
Image version: 2006-08-07 build from
http://cdimage.debian.org/cdimage/daily-builds/sid_d-i/arch-latest/i386/iso-cd/debian-testing-i386-businesscard.iso
Machine: VMWare Player 1.0.1 build-19317
Memory: 128MB
Partitions:
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/sda1 ext3 918322 347392 521934 40% /
tmpfs tmpfs 63580 0 63580 0% /dev/shm
/dev/mapper/crypt0
ext3 44194 4133 37703 10% /home
/dev/mapper/crypt3
ext3 89329 4135 80428 5% /usr/local
tmpfs tmpfs 10240 100 10140 1% /dev
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 defaults,errors=remount-ro 0 1
/dev/mapper/crypt0 /home ext3 defaults 0 2
/dev/mapper/crypt1 /opt ext3 defaults 0 2
/dev/mapper/crypt3 /usr/local ext3 defaults 0 2
/dev/mapper/crypt2 none swap sw 0 0
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
/etc/crypttab:
crypt0 /dev/sda2 none luks
crypt1 /dev/sda3 none luks
crypt2 /dev/sda5 /dev/random cipher=twofish-cbc-essiv:sha256,size=256,swap
crypt3 /dev/sda6 none luks
cryptsetup status crypt{0,1,2,3}:
/dev/mapper/crypt0 is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/.static/dev/sda2
offset: 2056 sectors
size: 94334 sectors
mode: read/write
/dev/mapper/crypt1 is inactive.
/dev/mapper/crypt2 is active:
cipher: twofish-cbc-essiv:sha256
keysize: 256 bits
device: /dev/.static/dev/sda5
offset: 0 sectors
size: 192717 sectors
mode: read/write
/dev/mapper/crypt3 is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/.static/dev/sda6
offset: 2056 sectors
size: 190661 sectors
mode: read/write
/proc/swaps:
Filename Type Size Used Priority
/dev/mapper/crypt2 partition 96348 0 -1
Initial boot worked: [O]
Configure network HW: [O]
Config network: [O]
Detect CD: [O]
Load installer modules: [O]
Detect hard drives: [O]
Partition hard drives: [O]
Create file systems: [O]
Mount partitions: [O]
Install base system: [O]
Install boot loader: [O]
Reboot: [O]
This install was focused on testing dm-crypt support in
partman-crypto. It was done in german language.
Test (features):
OK /home Passphrase (crypt0, aes-cbc-essiv:sha256, 256 bits)
FAIL /opt Passphrase (crypt1, serpent-cbc, 256 bits)
OK swap Random key (crypt2, twofish-cbc-essiv:sha256, 256 bits)
OK /usr/local Passphrase (crypt3, aes-cbc-essiv:sha256, 256 bits)
Test (sanity-checks):
OK weak passphrase
OK ext3 on random key
OK unencrypted swap before "Configure encrypted volumes"
FAIL unencrypted swap added later on
Usability:
1. It was a little confusing that after I was asked to enter the
passphrases for sda2, sda3 and sda6, there was no apparent way to
"connect" which of those partitions corresponded to which of the
encrypted volumes in the main partman menu. This might be related
to the german language setting: The mountpoint column showed part
of the string "Verschlüsseltes Volume (%s)" (translation for:
"Encrypted volume (%s)"), but the string was cut in the middle of
"Volume" IIRC, so that the part that includes the name of the
actual encrypted device was not visible.
Problems:
2. For the encrypted device crypt1 on /dev/sda3 I entered a
passphrase that included two umlauts. The first odd thing was that
the asterisk usually shown in the passphrase entry field was shown
differently: The asterisk appeared, but the cursor was not advanced
to the next character. I continued through the installation, but
found that entering the same passphrase during boot did not work. I
tried unsetting LANG, calling unicode_start/_stop before running
/etc/init.d/cryptdisks start once the system had booted, but none
of those combinations would accept the original passphrase
("äppelwöi"). This is a little surprising, because S05keymap.sh
runs earlier during boot than S26cryptdisks-early.
The install was successfull apart from the above issues.
cheers,
Max
Reply to: