[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BTRFS and debian

Le 12/07/2018 à 05:01, David Christensen a écrit :

On 07/11/18 11:29, Pascal Hambourg wrote:

Le 10/07/2018 à 05:33, David Christensen a écrit :
  In the Debian Installer, I choose 'manual' for 'partitioning method', create a new partition table (MBR), and create three primary partitions: 

1   ~1 GiB btrfs mounted at /boot
2   ~2 GiB LUKS (random key) with swap


How do you do that ?
AFAIK, you cannot set a random key with LUKS, only with plain dm-crypt.
Perhaps it is plain dm-crypt, not LUKS.  (I am not familiar with the internals of either, so my understanding is that of a parrot or blind man.) 


In the Debian Installer for Stretch:

1.  For "Partitioning method", choose "Manual".

2.  Create partitions, including a partition for swap.
3.  Move the highlight to the swap partition and press Enter to invoke the "Partition settings" pop-up dialog, and configure as follows (note "Encryption key" => "Random key" setting): 

         Partition settings:
             Use as                      physical volume for encryption
             Encryption method           Device-mapper (dm-crypt)
             Encryption                  aes
             Key size                    256
             IV algorithm                xts-plain64
             Encryption key              Random key
             Erase data                  yes
Yes, this uses plain dm-crypt, not LUKS. You can see it in the resulting /etc/crypttab (no "luks" option), and blkid/file/wipefs do not show any LUKS header on the partition.
Note that this setup is flawed when using a partition on an SCSI-like disk : the installer writes the device name /dev/sdX which is known to be not persistent (that's why UUIDs are used instead when possible). But a plain dm-crypt device has no header and UUID. It would be more reliable to use the PARTUUID= (synthetic on a DOS-partitioned disk) instead.
Reply to: