Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 49

Thread: HOWTO: BT4 Pre-Final Full Disk Encryption

  1. #11
    Member
    Join Date
    Jul 2007
    Posts
    104

    Default

    Quote Originally Posted by navels View Post
    Thanks for the great tutorial. And I am definitely interested in your USB how-to once you've got the wrinkles ironed out.
    Thank you for the feedback navels. The encrypted USB is working but I'm not sure how well. While I feel it is perfectly usable, others may feel differently. Performance seems slightly slower than it should or at least slower than the usb install of BT3 was. Anyway, for those that want to try it out, like you, I'll write a how to within a few days when I can find time. Writing down descriptive, and logical instructions on editing the initrd and the other commands takes some time that I unfortunately do not have right now.

  2. #12
    Member
    Join Date
    Jul 2007
    Posts
    104

    Default

    The guide on encrypting usb installs of BT4 can be found here.

  3. #13
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Default

    Quote Originally Posted by ESC201 View Post
    One of the pitfalls with encrypting multiple drives/partitions is that you need to enter the password for each of them at boot even it is the same for all of them. (Someone once told me you could circumvent this and only be required to enter it once by using an LVM but I've never investigated that.)

    As for encrypyting a swap partition, you could use a keyfile to auto-mount it. Nothing is saved in it so it doesn't pose a security risk. A quick, example crypttab file I just typed up can be seen below.

    Code:
    # name to give opened partition    partition block device      key file    encryption type
    root                             /dev/sda1               /home/user/key.file    luks
    This guide can explain how to set up an encrypted swap much better than I could.

    As for it not working for you, a good place to start troubleshooting would be to post your crypttab and fstab files. I might be able to help.



    If anyone is following my updates with encrypting the live cd / usb version of BT4, I've figured out how to encrypt the filesystem.squashfs file and the changes partition so it is still persistent. I have a few more things to test out and I need to go back and clean up the code I put in the initrd then I'll write a how to for it. I have yet to hear anyone express any interest in this so it isn't at the top of my priority list; I'm just taking my time.
    Thanks for the offer, but i figured it out in 2 minutes: the option should be relatime and not realtime in /etc/fstab, that's why it didn't work (typo). After that also kde started!

    I have to type in my password twice. If anyone want to (like ESC201 mentioned) do a LVM installation, maybe this helps: http://forums.remote-exploit.org/bt4...-luks-lvm.html . It didn't work for me, but I only tried it once.

    Thanks for the guide ESC201!
    Auswaertsspiel

  4. #14
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    I must be missing something somewhere. Once I'm chrooted grub can't find sda.

  5. #15
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Default

    hey barry

    sorry Im in a hurry, but try this (with mounting the proc and dev before chrooting):

    mkdir /mnt/bt4
    mount /dev/mapper/btcrypt-root /mnt/bt4/
    mkdir /mnt/bt4/boot/
    mount /dev/sda1 /mnt/bt4/boot
    cp --preserve -R /{bin,dev,home,pentest,root,usr,boot,etc,lib,opt,sb in,var} /mnt/bt4/
    mkdir /mnt/bt4/{mnt,tmp,proc,sys}
    chmod 1777 /mnt/bt4/tmp/
    mount -t proc proc /mnt/bt4/proc/
    mount -o bind /dev /mnt/bt4/dev/
    chroot /mnt/bt4/ /bin/bash
    Auswaertsspiel

  6. #16
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by floyd View Post
    hey barry

    sorry Im in a hurry, but try this (with mounting the proc and dev before chrooting):

    mount -t proc proc /mnt/root/proc/
    mount -o bind /dev /mnt/root/dev/
    chroot /mnt/root/ /bin/bash
    Yep, that fixed it! Thanks!


    Hey, I'm working on setting up my eee, whole disk encryption, with boot and root on the internal 4Gb "drive" and the rest on an 8Gb sdhc card. Found the how-to for auto unlock encrypted drives with keyfiles. The plan is to have a keyfile in the encrypted drive for the root partition on the built in drive. I'll post back how it goes... Here's the link.

    http://ubuntuforums.org/showthread.php?t=837416

  7. #17
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default It's alive!!!!!!!

    Got it!



  8. #18
    Member
    Join Date
    Jul 2007
    Posts
    104

    Default

    Sorry for the late reply. So much for email notification of replies to a subscribed thread.
    Anyway....

    Quote Originally Posted by floyd View Post
    the option should be relatime and not realtime in /etc/fstab, that's why it didn't work (typo). After that also kde started!
    Sorry about that, I just fixed it. That's what I get for typing everything from memory and not checking back over it.


    Quote Originally Posted by floyd View Post
    I have to type in my password twice. If anyone want to (like ESC201 mentioned) do a LVM installation, maybe this helps: http://forums.remote-exploit.org/bt4...-luks-lvm.html . It didn't work for me, but I only tried it once.
    I wonder how I missed that thread when I was originally searching this topic...

    Quote Originally Posted by floyd View Post
    mount -t proc proc /mnt/bt4/proc/
    mount -o bind /dev /mnt/bt4/dev/
    chroot /mnt/bt4/ /bin/bash
    I've added this info to the respective step in the guide. Thanks! I'm glad to hear others have got this working.

  9. #19
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Default

    Quote Originally Posted by ESC201 View Post
    Sorry about that, I just fixed it. That's what I get for typing everything from memory and not checking back over it.
    I hate to say that but now it's wrong again

    the correct word ist relatime
    wrong is realtime as well as relaatime
    Auswaertsspiel

  10. #20
    Member
    Join Date
    Jul 2007
    Posts
    104

    Default

    Quote Originally Posted by floyd View Post
    I hate to say that but now it's wrong again

    the correct word ist relatime
    wrong is realtime as well as relaatime
    Haha I'm really on a roll with these typo's here. NOW it's correct. Thanks again.

Page 2 of 5 FirstFirst 1234 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •