[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Howto prevent full disk crypto from wiping entire drive/partition?


If this isn't the appropriate place to ask this question, could somebody please point to the right direction?

I'd like to use full disk encryption using d-i partman-auto/method string crypto. However, as part of this process, the entire disk is wiped before the drive is crypted and formatted.

I'm fully aware of the fact that this is best-practice security-wise and that not wiping the entire drive pose some degree of a security-threat, which is acceptable for my needs. However, based on my needs, it would be nice if the entire installation-process, including crypting the drive, would not take that long. Just wiping an entire drive cost more than one hour.

The whole LUKS encryption mechanism within Debian uses a device mapper in order to map crypto-partitions to 'regular' partitions, which in turn can be formatted with a regular filesystem. This can be manually configured using the "manual" option when partitioning a drive within a regular Debian Installation. 

In this scenario, I am able to configure crypted partition, and prevent them from being wiped (just created), which reduce the whole timeperiod for installation significantly. However, I cannot find any documentation about how to create such a crypto-setup using partman recipes (just regular filesystems). If anyone can point me to some resources, I would be very grateful. 

With regards. 

T. N. 
Express yourself instantly with MSN Messenger! Download today it's FREE!

Reply to: