On Sun, Jul 06, 2008 at 01:21:00PM -0700, David L. Emerson wrote:
> Image version: debian-40r3-i386-netinst.iso
> […]
>
> This computer supports booting from USB, so I decided to install debian
> on a USB Flash drive. I wanted an encrypted root partition.
>
> PROBLEM 1. I first tried the "automatic" encrypted LVM setup. It
> insisted upon making a swap partition, and I was unable to delete that
> partition. Of course I don't want a swap partition on a flash based
> drive. I ultimately had to back up several steps and do a manual setup.
The automatic encrypted LVM setup create the swap partition as a Logical
Volume. The easiest (but not obvious) way to get rid of it would have
been to:
* go to "Configure the Logical Volume Manager",
* remove both Logical Volumes (swap_1 and root),
* create a new Logical Volume (root),
* apply those changes,
* configure the newly created Logical Volume (root) as /
We could probably manage to detect that we are partitioning a Solid
State Device, and skip the creation of a swap partition, but this would
require a fair amount of changes in partman. I doubt anyone will be
working on that in the d-i team, but patches are more than welcome.
> PROBLEM 2. Before I started the install, I used dd if=/dev/urandom
> of=/dev/sda to write random data to the drive, which makes cracking an
> encrypted partition/drive much more difficult. However, the debian
> installer insisted on writing (zeros?) to the to-be-encrypted partition
> before formatting. This was very time consuming, wasteful/redundant,
> and perhaps a security liability as well. In fact, the installer did
> this several times due to problem 1 ;)
> I should be able to skip that writing since I already did it myself.
The installer is not writing zeros. It is actually doing a similar
process than the one you did by yourself! :)
It can be avoided though when using manual partitioning, by switching
"Erase data" to "no" while configuring the partition used as "physical
volume for encryption".
> PROBLEM 3. System would not boot!! .....
>
> It brought up the grub menu just fine, and began loading the kernel and
> initramfs. The problem occured when it tried to configure lvm
> (/usr/share/initramfs-tools/scripts/local-top/lvm) -- the kernel had
> not yet detected the presence of the USB Flash drive! Thus the call to
> activate_vg "$ROOT" was doomed to failure, since udev had not yet
> discovered the root device. A few seconds after the failure messages,
> udev discovered the device -- udev had "settled" before running
> local-top, but the USB event came later.
> […]
AFAIK, a lot of related issues have been fixed for Lenny. If you could
give it a try, it would be great.
Cheers,
--
Jérémy Bobbio .''`.
lunar@debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
Attachment:
signature.asc
Description: Digital signature