The guide on encrypting usb installs of BT4 can be found here.
Thank you for the feedback navels. The encrypted USB is working but I'm not sure how well. While I feel it is perfectly usable, others may feel differently. Performance seems slightly slower than it should or at least slower than the usb install of BT3 was. Anyway, for those that want to try it out, like you, I'll write a how to within a few days when I can find time. Writing down descriptive, and logical instructions on editing the initrd and the other commands takes some time that I unfortunately do not have right now.Originally Posted by navels
The guide on encrypting usb installs of BT4 can be found here.
Thanks for the offer, but i figured it out in 2 minutes: the option should be relatime and not realtime in /etc/fstab, that's why it didn't work (typo). After that also kde started!One of the pitfalls with encrypting multiple drives/partitions is that you need to enter the password for each of them at boot even it is the same for all of them. (Someone once told me you could circumvent this and only be required to enter it once by using an LVM but I've never investigated that.)
As for encrypyting a swap partition, you could use a keyfile to auto-mount it. Nothing is saved in it so it doesn't pose a security risk. A quick, example crypttab file I just typed up can be seen below.
This guide can explain how to set up an encrypted swap much better than I could.Code:# name to give opened partition partition block device key file encryption type root /dev/sda1 /home/user/key.file luks
As for it not working for you, a good place to start troubleshooting would be to post your crypttab and fstab files. I might be able to help.
If anyone is following my updates with encrypting the live cd / usb version of BT4, I've figured out how to encrypt the filesystem.squashfs file and the changes partition so it is still persistent. I have a few more things to test out and I need to go back and clean up the code I put in the initrd then I'll write a how to for it. I have yet to hear anyone express any interest in this so it isn't at the top of my priority list; I'm just taking my time.
I have to type in my password twice. If anyone want to (like ESC201 mentioned) do a LVM installation, maybe this helps: http://forums.remote-exploit.org/bt4...-luks-lvm.html . It didn't work for me, but I only tried it once.
Thanks for the guide ESC201!
Auswaertsspiel
I must be missing something somewhere. Once I'm chrooted grub can't find sda.
hey barry
sorry Im in a hurry, but try this (with mounting the proc and dev before chrooting):
mkdir /mnt/bt4
mount /dev/mapper/btcrypt-root /mnt/bt4/
mkdir /mnt/bt4/boot/
mount /dev/sda1 /mnt/bt4/boot
cp --preserve -R /{bin,dev,home,pentest,root,usr,boot,etc,lib,opt,sb in,var} /mnt/bt4/
mkdir /mnt/bt4/{mnt,tmp,proc,sys}
chmod 1777 /mnt/bt4/tmp/
mount -t proc proc /mnt/bt4/proc/
mount -o bind /dev /mnt/bt4/dev/
chroot /mnt/bt4/ /bin/bash
Auswaertsspiel
Yep, that fixed it! Thanks!
Hey, I'm working on setting up my eee, whole disk encryption, with boot and root on the internal 4Gb "drive" and the rest on an 8Gb sdhc card. Found the how-to for auto unlock encrypted drives with keyfiles. The plan is to have a keyfile in the encrypted drive for the root partition on the built in drive. I'll post back how it goes... Here's the link.
http://ubuntuforums.org/showthread.php?t=837416
It's alive!!!!!!!
Got it!
Sorry for the late reply. So much for email notification of replies to a subscribed thread.
Anyway....
Sorry about that, I just fixed it. That's what I get for typing everything from memory and not checking back over it.
I wonder how I missed that thread when I was originally searching this topic...
I've added this info to the respective step in the guide. Thanks! I'm glad to hear others have got this working.
I hate to say that but now it's wrong againSorry about that, I just fixed it. That's what I get for typing everything from memory and not checking back over it.
the correct word ist relatime
wrong is realtime as well as relaatime
Auswaertsspiel
Haha I'm really on a roll with these typo's here.I hate to say that but now it's wrong again
the correct word ist relatime
wrong is realtime as well as relaatimeNOW it's correct. Thanks again.
Posting Permissions
