On Mon, Apr 14, 2008 at 06:07:12PM +0000, T. Nan wrote:
> If this isn't the appropriate place to ask this question, could
> somebody please point to the right direction?
That was the right place.
> I'd like to use full disk encryption using d-i partman-auto/method
> string crypto. However, as part of this process, the entire disk is
> wiped before the drive is crypted and formatted.
>
> I'm fully aware of the fact that this is best-practice security-wise
> and that not wiping the entire drive pose some degree of a
> security-threat, which is acceptable for my needs. However, based on
> my needs, it would be nice if the entire installation-process,
> including crypting the drive, would not take that long. Just wiping an
> entire drive cost more than one hour.
I have open a wishlist bug report [1] describing your issue. Work still
needs to be done, though.
If you feel like giving it a shot, you can probably start by hacking
autopartition-crypto and adding:
echo > $id/skip_erase
near:
echo dm-crypt > $id/crypto_type
As a side note, I don't see this option be added soon if you don't
provide us with some patches. So don't hesitate to give it a try [2].
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476388
[2] Frans' paper can be helpful:
http://d-i.alioth.debian.org/doc/talks/debconf6/paper/
Cheers,
--
Jérémy Bobbio .''`.
lunar@debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
Attachment:
signature.asc
Description: Digital signature