Re: Encrypted containers & the Debian installer.

To: debian-user@lists.debian.org
Subject: Re: Encrypted containers & the Debian installer.
From: David Wright <deblis@lionunicorn.co.uk>
Date: Fri, 18 May 2018 10:35:00 -0500
Message-id: <[🔎] 20180518153500.GA7121@alum>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 16371b473d3.120be7e04182649.3927606069572615407@niwas.net>
References: <[🔎] 163678d6627.e1d3218e8796.5021193021553864846@niwas.net> <[🔎] 20180516144242.GB6709@alum> <[🔎] 16371b473d3.120be7e04182649.3927606069572615407@niwas.net>

On Thu 17 May 2018 at 22:24:01 (-0700), Diagonal Arg wrote:
> 
> 
> 
>  ---- On Wed, 16 May 2018 07:42:42 -0700 David Wright <deblis@lionunicorn.co.uk> wrote ---- 
>  > On Tue 15 May 2018 at 23:05:10 (-0700), Diagonal Arg wrote: 
>  > > On my first tries with the Debian installer, I am struggling with the limited resources for installing to encrypted disks.  I am using the same technique I have used with Ubuntu, but failing at the last step: 
>  > >  
>  > > I create my luks disk(s) before-hand, then run the installer.  I find I have to anna-install cryptsetup-udeb, as there is no such choice in "Load Installer Modules".  Dropping to a shell, opening the disk, and  re-detecting hard drives allows me to carry out the installation (as long as there's a filesystem in the mapped device), but on reboot I'm at an initramfs without cryptsetup.  So I use a debian-live to pivot into the system to create a crypttab.  I find I also have to install cryptsetup.  Then I run update-initramfs.  Here is where I'm stuck.  The new initramfs still does not include cryptsetup.  Why is it not recognizing the crypttab? 
>  >  
>  >   │    [ ] crypto-dm-modules-4.9.0-2-686-di: devicemapper crypto module          ▮  │    
> 
> David - thanks, but crypto-dm-modules does not include cryptsetup.
> 
> And, even when I anna-install it, it doesn't help with the other issues I mentioned above.

OK, well I haven't got time to check this out but here's my guess of
what's going on. I've never used anna-install to play tricks behind
the installer's back. If you take upon yourself the unlocking of
encrypted disks and then use the d-i to build a system, the d-i may
be unaware that there are any encrypted partitions in the installation.

I can also see from other people's comments elsewhere that you might
be within a hair's breadth of wiping your encrypted partition(s)
during this process. However, just to get the necessary software
installed by the d-i in the final product, a workaround to try
might be to create during installation an encrypted partition on,
say, a nonce stick for a nonce mountpoint.

As I say, I haven't tried it out. Risks are that using the d-i's
partitioner to encrypt the stick does something simultaneously to
the original partitions you're trying to preserve, and also the
/etc/crypttab that gets written will want the stick to be present
at first boot (before you rewrite it).

Sometime I will try this out on a scratch PC. Mine all have room
for two systems, so I can install A, encrypted in the usual manner
and then try installing on the B root partition, keeping the
shared encrypted /home partition. (I haven't used LVM so can't
see how that would interact with things.)

Cheers,
David.

Reply to:

Follow-Ups:
- Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>
- Re: Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>

References:
- Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>
- Re: Encrypted containers & the Debian installer.
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>

Prev by Date: Re: lightdm (testing): Long waiting time after login
Next by Date: Re: UEFI/"BIOS" booting, was Re: USB Install Fails, Complains about CD-ROM
Previous by thread: Re: Encrypted containers & the Debian installer.
Next by thread: Encrypted containers & the Debian installer.
Index(es):
- Date
- Thread