Re: random data during install
On Fri 29 Jul 2022 at 19:19:43 (+0100), Piscium wrote:
> When using netinst iso to install Debian, one is offered the
> possibility of guided install with encrypted LVM. if such a choice is
> made the installer fills the partition with random data. That is
> generally the correct thing to do but in some cases that is not needed
> or desired and it is an inconvenience. Is there a way to disable that?
People with more experience of preseeding might comment on
whether this suggestion would work. I notice that this option
is available, which might be what you want:
# When disk encryption is enabled, skip wiping the partitions beforehand.¹
#d-i partman-auto-crypto/erase_disks boolean false
You might wish to combine this with:
"Boot parameters can also be used if you do not really want
to use preseeding, but just want to provide an answer for
a specific question. Some examples where this can be useful
are documented elsewhere in this manual."²
PS: Marco's suggestion is officially sanctioned:
┌──────────┤ Erasing data on SCSI1 (0,0,0), partition #5 (sda) ├──────────┐
│ │
│ 100% │
│ │
│ The installer is now overwriting SCSI1 (0,0,0), partition #5 (sda) │
│ with random data to prevent meta-information leaks from the encrypted │
│ volume. This step may be skipped by cancelling this action, albeit at │
│ the expense of a slight reduction of the quality of the encryption. │
│ <Cancel> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
I presume the quality reduction is in the hiding of metadata,
eg, being able to see the highwatermark of data quantity written,
rather than in the encryption of the actual data.
¹ halfway down
https://www.debian.org/releases/bullseye/example-preseed.txt
² § B.2.2 of
https://www.debian.org/releases/stable/amd64/apbs02.en.html
Cheers,
David.
Reply to: