Ken Heard wrote: > My problem is the same as it has always been since December 27th, the day I > started to create an operating system in a new computer which I purchased > for use in Thailand. So far I have not been successful. It is always best to try to solve one problem at a time rather than trying to solve a dozen problems at the same time. Because otherwise the discussion gets intermingled and too hard to separate. The best computer science debugging rule is to "divide and conquer". > The partitioning configuration I want would start with RAID1 using two 2 tb > HDDs. The RAID1 would have four partitions, for /boot, swap, /tmp and the > LVM. The swap and /temp partitions would be encrypted with a random > key.Four other partitions would be part of the LVM: /, /var and two /home > partitions, one for each of the two users who will be using this computer. Note that presently random encryption keys are only supported for swap partitions. They are not supported for partitions like /tmp with a file system. You want LVM. That is great. You want it encrypted. That is fine too. But then why have swap and /tmp as partitions outside of the LVM? That leads to higher complexity. It causes three different encryption keys to be managed to start the system. I strongly recommend putting swap and /tmp in the LVM too. Alternatively use a tmpfs for /tmp. The ability to do this depends upon your system needs due to the limited storage space available in a tmpfs. But if the use model works then using a tmpfs works nicely. If the use model isn't compatible (need a lot of /tmp space) then simply use a logical partition out of the LVM. > There are three obstacles to achieving the partitioning configuration I > want. The first is that the operating system will not accept RAID1. That is a good *single* problem statement. Work that problem to conclusion. Don't mix in a dozen other problems. Pick one problem and work through to conclusion first. Why will "the operating system will not accept RAID1"? Works for me. I use an RAID1 filesystems daily. > The second is that encryption of the /tmp partition is not accepted > either, although encryption of the swap partition is. Random keys for file system partitions are not supported. You have no support for using random keys with /tmp. Random encryption keys are only supported for swap partitions. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517471 Before answering this posting I ran through a test installation to refresh my memory on these actions. The installer worked fine. I was able to do all of the actions you have requested. RAID1 across two devices. Encrypted file system. LVM. All worked fine for me. As long as I only used supported features and not a random key on /tmp. > The third obstacle is that while I was able to create a usable operating > system complete with a desktop environment but without RAID1, LVM and > encryption of /tmp, I cannot open tty1 through tty6 virtual terminals by > pressing the ctl-alt-F1 through F6 combination. When I try the > machine seizes up and requires to be rebooted. This is a separate problem. This is most likely due to insufficient graphics driver support for your hardware. I have experienced this problem myself. In Wheezy 7 timeframe the upstream kernel removed much of the legacy hardware support. The migration to KMS dropped a lot of previously supported hardware. Or you might have hardware that is too new and requires a newer driver than currently available. You said you had the Intel Haswell 4600 and I don't know if that is supported or not. I suggest these options. 1) Install firmware-linux-nonfree and hope it handles your hardware. 2) Install the latest backports kernel and drivers and firmware. 3) Install Squeeze which had better legacy hardware support. None of which are great options. In both cases install a simple system on one partition without lvm, without encryption and test until you have good hardware support. This should be the first thing you do on a new system. Verify that you have sufficient hardware support. Only after this is it a good idea to move to trying other fancier more complicated configuration such as raid, encryption, lvm, and so forth. Bob
Attachment:
signature.asc
Description: Digital signature