Weblog entry #1 for bluekey
See all weblog entries made by bluekey.
#1
Install Debian Squeeze with disk encryption
Posted by bluekey on Fri 3 Sep 2010 at 19:33
I thought I write a mini howto because once again I managed to screw it up for the first time.
I skip throguh all the other details such as what other oses i have on the box or other parts of the installation
than the disk partitioning and setting up the encryption.
In this example I have a partition on the disk dedicated (sda3) for encryption
sda3
\
luks dmcrypt
\
LVM
\
LVM root vg
\ LVM lv 1
\ LVM lv 2
\ LVM lv 3
The reason why you might want to install your os like this is because you only have to enter your pass once
to unlock all the partitions inside (otherwise you would have to enter it per encrypted partition).
1, Configure encrypted volumes
2, Select sda3
3, back to the menu
4, Select Encrypted volume (sda3_crypt) from the list
Inside there will be 1 FS by default (ext3) cange the type of it to pysical volume for LVM
5, Go to Configure the logical volume manager in the menu
6, Create volume group (enter whatever name like rootvg and select /dev/mapper/sda3_crypt)
7, Create logical volumes
/
home
var
...
swap (don't forget swap)
8, For all logical volume configure the filesystems and mount points
Done.
Note: What I screwed up for the first time was that I selected a primary partition for disk encryption but it didn't
create it right away. Then I just created an lvm which overwrote my encrypted partition so I ended up having an
unencrypted LVM setup. Make sure then after you created an encrypted partition you go to finish, when it asks your password
and the encrypted partition SHOWS UP in the list where you going to create the LVM inside.
I skip throguh all the other details such as what other oses i have on the box or other parts of the installation
than the disk partitioning and setting up the encryption.
In this example I have a partition on the disk dedicated (sda3) for encryption
sda3
\
luks dmcrypt
\
LVM
\
LVM root vg
\ LVM lv 1
\ LVM lv 2
\ LVM lv 3
The reason why you might want to install your os like this is because you only have to enter your pass once
to unlock all the partitions inside (otherwise you would have to enter it per encrypted partition).
1, Configure encrypted volumes
2, Select sda3
3, back to the menu
4, Select Encrypted volume (sda3_crypt) from the list
Inside there will be 1 FS by default (ext3) cange the type of it to pysical volume for LVM
5, Go to Configure the logical volume manager in the menu
6, Create volume group (enter whatever name like rootvg and select /dev/mapper/sda3_crypt)
7, Create logical volumes
/
home
var
...
swap (don't forget swap)
8, For all logical volume configure the filesystems and mount points
Done.
Note: What I screwed up for the first time was that I selected a primary partition for disk encryption but it didn't
create it right away. Then I just created an lvm which overwrote my encrypted partition so I ended up having an
unencrypted LVM setup. Make sure then after you created an encrypted partition you go to finish, when it asks your password
and the encrypted partition SHOWS UP in the list where you going to create the LVM inside.