Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Encrypted Root File System, Swap, etc...
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 7, 8, 9 ... 11, 12, 13  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
viperlin
Veteran
Veteran


Joined: 15 Apr 2003
Posts: 1317
Location: UK

PostPosted: Sun Jul 13, 2003 10:48 pm    Post subject: Reply with quote

i fixed it: here's how.

i realised it must be the loop driver thats faulty, so it took a while but i:

de-crypted my hdd, booted gentoo as normal and deleted the /usr/src/loopAES directory and started the tutorial again, after that & making sure i had the devfs things done i re-encrypted booted up and it worked perfectly

i now have 2 encrypted hdd's encrypted swap and another hdd's gettin encrypted tomotow or tonight, whenever i can be bothered.

hope it helps, it's lots of waiting i know but if you'r 100% no idea then u might as well try it anyway.
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Sun Jul 13, 2003 11:16 pm    Post subject: Reply with quote

OK solved it.

Getting errors like /lib failed in my case where caused by a wrong setting in build-initrd.sh

The entries for the devices MUST be in the following form.

DEVROOT=/dev/ide/host0/bus0/target0/lun0/part1

If not IT WILL FAIL.


Chadders might it not be a good idea to re-edit the HOWTO and add all the bit's and pieces mentioned throughout the 7 pages of forum. Most hurdles i came across ended up being answered in the the following messages.

Luckily my system is fully encrypted except for the boot partition :].

Anhow You-Da-Man ;]
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Mon Jul 14, 2003 12:40 am    Post subject: Reply with quote

chadders wrote:
watersb wrote:

I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don' t know what might be going wrong.


I'm getting ready to reinstall everything. Watersb, do you like the kerneli cryptoloop patches better than loop-AES now? I don't want to rebuild again for awhile and I will try the 2.5 kernels and kerneli cryptoloop if everything works good for you.


I prefer the kerneli patches, because the code looks cleaner to me for the 2.5.x kernels -- and now that it will be incorporated as a standard into the mainline kernel, I think that we may all win. From looking at the code, I think that the kerneli approach was the correct one from a technical standpoint -- NOT to flame loop-AES!!! -- but simply from the standpoint of re-using existing kernel features which were some of the main development poitnts for 2.5: the new block I/O subsystem and the kernel-wide crypto routines.

That said, I actually prefer the feature set of Jari's patches for util-linux; I have been using GPG to encrypt the hard-disk password, and storing that GPG keyring on an external device. This sort of thing can be implemented as a script pre-processor to losetup or mount, and indeed loop-AES detractors make this point. But I am developing whole-disk encryption at boot-time, and it's much easier to have things in the executable at the moment. So anyway I am very happy with the recent developments of util-linux, and I hope that my postings to the mailing lists have helped that work.

So: I am pleased with the kerneli cryptoloop. I am using util-linux with the loop-AES developer's patches and am happy with that.

I simply cannot get pivot_root to work with a 2.5 kernel; I have been trying to get that to work since December and cannot do so. Any help would be appreciated, as I cannot get encrypted-root-disk to work without some sort of mount-root mechanism.
Back to top
View user's profile Send private message
Aonoa
Guru
Guru


Joined: 23 May 2002
Posts: 589

PostPosted: Mon Jul 14, 2003 11:27 am    Post subject: Reply with quote

watersb, I have encrypted my 2.4.20-r5 system with loop-AES. Do you think I can easily (without having to de/re-encrypt) convert to start using kerneli instead ?

I want to try the new 2.6.0-test1 kernel and it has CryptoAPI with CryptoLoop support built-in. I guess all I can do is try :)
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Tue Jul 15, 2003 12:20 pm    Post subject: Reply with quote

eonic wrote:
watersb, I have encrypted my 2.4.20-r5 system with loop-AES. Do you think I can easily (without having to de/re-encrypt) convert to start using kerneli instead ?

I want to try the new 2.6.0-test1 kernel and it has CryptoAPI with CryptoLoop support built-in. I guess all I can do is try :)

I believe that you could set up loop-AES so that it is compatible with kerneli -- by specifying the RIPEM160 hash for passwords -- but you need to know to do that up front, when you initially set up the loop-AES encryption.

Since the passing of the (hashed) password is a userspace process, using a loop-AES disk with the kerneli cryptoloop driver is probably a matter of passing the correct parameters to losetup or mount.

Please look at the mailing list archives on kerneli.org for more details... I am having some config probs with my system at the moment... when I have more time I can post more info.
Back to top
View user's profile Send private message
Aonoa
Guru
Guru


Joined: 23 May 2002
Posts: 589

PostPosted: Tue Jul 15, 2003 7:44 pm    Post subject: Reply with quote

Oh well.. I've unencrypted my partitions now and trying to get a decent setup with 2.6.0-test1 working. (Some issues with my USB mouse). After that I'll see what I'll do about encryption.

Most likely I'll use the CryptoAPI when encrypting my root again, perhaps with another cipher than AES.
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Wed Jul 16, 2003 11:47 am    Post subject: Reply with quote

Eonic doesn't the new 2.6.0 kernel have the cryptAPI (or whatever crypto system) directly built into and better integrated into the kernel??

Could you report back on what they did with cryptology and if so how easy it works ;)

Oh btw AES is one of the very best cyphers around. I assume yu want a less known cypher. What would be even kewler is your very own cypher so that the Feds wouldn't even know how the cypher was encoded decoded :)
Back to top
View user's profile Send private message
Aonoa
Guru
Guru


Joined: 23 May 2002
Posts: 589

PostPosted: Wed Jul 16, 2003 3:29 pm    Post subject: Reply with quote

Wilhelm:

Yes, the new 2.6.0-test1 does have cryptoAPI built-in along with cryptoloop so it should be rather easy to implement it to any system.

However, I can't be arsed trying until my USB mouse works with 2.6.
There has been a few others too that's having trouble with USB devices so I hope this get's fixed soon. When it does I will try the cryptoAPI in the 2.6 kernel.

As for a cipher; I might try blowfish.. it supports up to 448bit encryption, though uncertain about whether or not losetup can be used with 448bit blowfish encryption.
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Wed Jul 16, 2003 4:31 pm    Post subject: Reply with quote

Hope you get your mouse running soon then ;).

I might give the development sources a go on my logging server after i get back from holiday. Then i'll check out encryption too.

According to the man-pages you can't do 448bit blowfish. blowfish256 is the max. What i would suggest if you don't beleive 256bit to be safe then run it through 2 loop devices both with a different password. Also 448 bit key would require a BIG password.
Back to top
View user's profile Send private message
Aonoa
Guru
Guru


Joined: 23 May 2002
Posts: 589

PostPosted: Thu Jul 17, 2003 5:01 am    Post subject: Reply with quote

Blowfish256 is max, bugger. Oh well, does not matter much as I consider 256bit good, I know I read that blowfish itself has up to 448bit encryption.. just not possible to go that high in this case I guess.

Mm.. my friends gawked at my 20+ key password, hehe which is the minimal for loop-AES.

Which is faster, do you know ? blowfish256 or AES256
Any specific flaws in either ?
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Thu Jul 17, 2003 4:06 pm    Post subject: Reply with quote

eonic wrote:
Blowfish256 is max, bugger. Oh well, does not matter much as I consider 256bit good, I know I read that blowfish itself has up to 448bit encryption.. just not possible to go that high in this case I guess.

Mm.. my friends gawked at my 20+ key password, hehe which is the minimal for loop-AES.

Which is faster, do you know ? blowfish256 or AES256
Any specific flaws in either ?


What i know is what i read.

According to some websites:

Blowfish is fast and a bigger key doesn't cause longer computation time.
Blowfish has vulnerabilities if less than 14 rounds are used (i thing that's the iteration count). Some other attacks are available on specific strains of keys.

AES is the newest standard and according to my literature the best choice.
AES has no known threats but it's still to early to be certain. There are some attacks which can get the key in sub-exponential time, so called XSL attacks, but they are complex and still don't threaten AES as long as you use a good number for the iteration count like 100. Reading this made me think darn i forgot the iterationcount on my root partition.

Here are the comments according to my literature
Computer Networks, Andrew S. Tranenbaum 4th edition

Blowfish 1-448bit Old and slow
DES 56bit Too weak to use now
IDEA 128bit Good, but patented
RC4 1-2048bit Caution; some keys are weak
RC5 128-256bit Good, but patented
Rijndael(AES) 128-256bit Best choice
Serpent 128-256bit Very strong
Triple DES 168bit Second best choice
Twofish 128-256bit Very strong widely used

What my literature says about AES

In 2001 one it was nominated as the US government standard which imo says enough.
Also AES is open source and so there are no backdoors to allow the US government to eavsdrop on encrypted traffic.
AES uses state of the art cryptographic features that stop all known standard attacks.
AES has provable security attributes.
A 128bit AES encryption has a keyspace of 2^128 approx. 3x10^38 keys. Even if NSA manages to build a machine with a billion parallel processors, each being able to evaluate 1 key per picosecond it would still take 10^10 years to search the keyspace. By then the sun will be burnt out, so the folks present will have to read te results by candlelight.
Now imagine 256bit yep i think that is secure :).
Software implementations of AES on a 2Ghz machine would give you a 700Mbps encryption rate.


Ok this is enough for me t say AES please :) but it could be that my literature is a bit pro-AES.
If you wnat hardcore security you could combine two different ciphers i'd recommend AES and serpent or AES and twofish.
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Thu Jul 17, 2003 6:02 pm    Post subject: Reply with quote

Apparently you CAN use your old loop-AES encrypted disks with cryptoapi that is in the new kernel -- from the loop-AES author:
Quote:

Yes, on-disk formats are compatible.

If you use loop-AES' loop.o module with mount+losetup from kerneli.org, no
other change is needed. However, mount+losetup from loop-AES package use
slightly different syntax and defaults:

kerneli.org syntax:

mount -t ext3 /dev/??? /mnt -o loop=/dev/loop0,encryption=aes,keybits=128

loop-AES syntax:

mount -t ext3 /dev/??? /mnt -o loop=/dev/loop0,encryption=AES128,phash=rmd160


I have been using cryptoAPI with the 2.5 and now 2.6 kernels, with a util-linux 2.11z with recent patches from Jari that work with both loop-AES and 2.6 kernel.

I have this setup working from an init ramdisk, so that one could have encrypted root, except that I cannot get pivot_root() to work at the end of my initrd setup with newer kernels. I can get this to work with 2.4.20+ kernels, though.

I encourage people to try the cryptoloop in the 2.6test kernel. You should be able to use your loop-AES partitions without re-encrypting, if I understand jari correctly... I have posted links to the util-linux patches in this thread; read back a couple of pages.

Good luck!


Last edited by watersb on Sat Jul 19, 2003 11:58 pm; edited 1 time in total
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Thu Jul 17, 2003 6:26 pm    Post subject: Reply with quote

Wilhelm wrote:

Here are the comments according to my literature
Computer Networks, Andrew S. Tranenbaum 4th edition

Blowfish 1-448bit Old and slow
DES 56bit Too weak to use now
IDEA 128bit Good, but patented
RC4 1-2048bit Caution; some keys are weak
RC5 128-256bit Good, but patented
Rijndael(AES) 128-256bit Best choice
Serpent 128-256bit Very strong
Triple DES 168bit Second best choice
Twofish 128-256bit Very strong widely used


My information comes from reading Bruce Schneier; see http://www.counterpane.com

As I understand, triple-DES is a good choice because it is very well-researched, it has been around for a long time. Most likely there are hardware implementations optimized to attack triple-DES, but virtually no one is likely to have access to such.

That said, you want to use one of the AES candidates. I believe that Serpent has been broken -- don't use it.

That leaves Rijdael (now AES) or Twofish. There is a theoretical attack against AES, but not a working attack against AES with full rounds (that is, any real AES implementation is not likely to be vulnerable). There are no known attacks against twofish in the literature.

Experts who do not publish, who were involved in the selection of Rijndael over Twofish, may know something that the open-source crypto community does not about respective vulnerabilities.

Quote:

Also AES is open source and so there are no backdoors to allow the US government to eavsdrop on encrypted traffic.


Hmm.. the details of the S-boxes in Rijndael were approved by the US government employees. The last time there was an encryption standard selection process, in the late 70's, these folks modified the S-boxes in DES (without telling people why) before accepting DES as the standard... this modification turned out to strengthen DES against differential cryptanalysis attacks, which were not known in the published literature of the time.

Which is to say that yes, it's open-source, but actually there is quite a bit of empirical kludging in the construction of these routines, and only time will tell if they have vulnerabilities or not.

Better to say that there are no *obvious* back-doors. And that the last time the US government was involved in a selection process like this, the only changes they made seemed to *strengthen* the algorithm.


Quote:

If you wnat hardcore security you could combine two different ciphers i'd recommend AES and serpent or AES and twofish.


I would agree that you might want to use two different ciphers, but I would suggest that you combine a new cipher, either AES or twofish, with an old, well-understood cipher like CAST5. It might be Really Bad Idea to combine two new ciphers like AES and serpent; vulnerabilities of one of them (e.g. serpent) might weaken your encryption.

As a practical matter, it is likely to be too difficult to combine ciphers effectively -- you are likely to screw it up.

As I have gained a better understanding of how the different pieces of the util-linux hard disk encryption works, I have added features like a random password protected by a GPG encryption.

I would suggest that if you are starting out with all this, to keep it as simple as possible.
Back to top
View user's profile Send private message
viperlin
Veteran
Veteran


Joined: 15 Apr 2003
Posts: 1317
Location: UK

PostPosted: Thu Jul 17, 2003 10:07 pm    Post subject: Reply with quote

hey just asking everyone who uses an encrypted root partition (i'm one of them)

at shutdown/reboot i get:
Code:

/sbin/rc: line 1: /proc/cmdline: No such file or directory
Give root password for maintenance
(or type Control-D for normal startup):


this must be because the root FS has been unmounted or something, just wondering if there is a way to make it go away, it look un-proffesional to have errors on PC bootups/shutdowns (especially laptops). so for cosmetic reasons any way to kill this zit.
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Fri Jul 18, 2003 3:12 pm    Post subject: Reply with quote

Yes, i believe that for the system to go to maintenance mode it has to mount the root partition as read-only, Since repairng disks and doing low level maintenace requires exclusive disk access.


I'm not so bothered because i use a pass-phrase that's easy to remember instead of a 20+ character random generated password.

Also i don't mind the error but you could put in an if-test before wxecuting line 1.

So open up the script file and fix it somehow :)
Back to top
View user's profile Send private message
Wilhelm
Tux's lil' helper
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Fri Jul 18, 2003 4:08 pm    Post subject: Reply with quote

btw. mm-sources has a new 2.6.0 test version it might have better USB support.
Back to top
View user's profile Send private message
DesertFox
n00b
n00b


Joined: 14 Nov 2002
Posts: 53

PostPosted: Sat Jul 19, 2003 3:35 am    Post subject: Reply with quote

I recently bought a new hard drive (upgrade) a 200 gig 8mb cache, over my old 40 gig 2m cache. In the process, I upgraded to the encrypted file system. A couple of things that I noticed in finally getting this to work were:

I had to mount the new hard drive (encrypted) and copy everything over with cp -a / /mnt/encrypt (or whatever)

also, I had been using

Code:
kernel /boot/bzImage root=/dev/hda5 mem=0xF000000 vga=0F00


for my kernel options in grub, but I learned that the mem option for some reason made it so the ram disc wouldn't load (F000000 is only 256 megs, which is what I have. I guess the 4 meg ramdisc wasn't given any space to load). By removing the mem=0xF000000 option, I was able to get the ramdisc to load.

my new grub option is:
Code:
title=Gentoo Linux
root (hd0,0)
kernel /bzImage.crypt ro root=/dev/ram0 init=/linuxrc rootfstype=minix
initrd /initrd.gz


I also had to specify the actual location of the hard drive partitions, ie: BOOTDEV=/dev/ide/host0/bus0/target1/lun0/part1. Aside from also changing BOOTTYPE, CRYPTROOT, ROOTTYPE, and CIPHERTYPE, I also enabled USEPIVOT, as recommended in the build-initrd.sh.

Quote:
# 1 = use pivot_root, 0 = use old change_root
# See above header for root= and append= lilo.conf definitions.
# pivot_root is not available on 2.2 and older kernels.
# Always enable pivot_root for 2.4 and later kernels.



To get build-initrd.sh to actually process, I also had to enable USEDEVFS

Quote:
# 1 = use devfs, 0 = use classic disk-based device names. If this is
# enabled (USEDEVFS=1) then setting USEPIVOT=1 is also required and kernel
# must be configured with CONFIG_DEVFS_FS=y CONFIG_DEVFS_MOUNT=y


from the beginning of build-initrd.sh:

Quote:
# Initrd can use two different methods to switch to encrypted root device:
# change_root (USEPIVOT=0) and pivot_root (USEPIVOT=1). change_root method
# is present in at least 2.2 and 2.4 kernels, and it works ok. pivot_root
# is present in 2.4 and later kernels, and offers much nicer wrong password
# case handling because initrd code can properly shutdown the kernel.
# Proper shutdown is important for software RAID devices and such.
# change_root and pivot_root require slightly different kernel and
# bootloader configuration.
#
# kernel .config : CONFIG_BLK_DEV_RAM=y
# (USEPIVOT=0) CONFIG_BLK_DEV_RAM_SIZE=4096
# CONFIG_BLK_DEV_INITRD=y
# CONFIG_MINIX_FS=y
# CONFIG_PROC_FS=y
# CONFIG_CRAMFS=n (or CONFIG_CRAMFS=m)
#
# kernel .config : CONFIG_BLK_DEV_RAM=y
# (USEPIVOT=1) CONFIG_BLK_DEV_RAM_SIZE=4096
# CONFIG_BLK_DEV_INITRD=y
# CONFIG_MINIX_FS=y


I acually had to use the USEPIVOT=0 kernel config settings (for those who couldn't find the CONFIG_BLK_DEV_RAM_SIZE=4096, it is under block devices, RAM disk support (once you enable RAM disc support, you get the RAM disk size option)).

Anyway, those were just a few of my findings. Also, when I enter the password at boot, or when mounting the encrypted partition under my unencrypted gentoo setup, the mount takes about 5 seconds, is this normal for a 200 gig partition? or is just something about the large encryption size.
Back to top
View user's profile Send private message
chadders
Tux's lil' helper
Tux's lil' helper


Joined: 21 Jan 2003
Posts: 113

PostPosted: Wed Jul 23, 2003 3:03 am    Post subject: Reply with quote

What filesystem is best for a encrypted root? I used both XFS and Reiserfs and they worked good but before I make a new root with a 2.6 kernel pretty soon I want to make sure its going to be ok for a long time.

Chad :D
Back to top
View user's profile Send private message
Aonoa
Guru
Guru


Joined: 23 May 2002
Posts: 589

PostPosted: Wed Jul 23, 2003 5:35 pm    Post subject: Reply with quote

I have been using ReiserFS for a long time now without any issues at all.
The computer has abruptly gone down some times as well, due to power shortages and that's not corrupted any files.

I consider ReiserFS fast and stable. Soon we'll even get Reiser 4. :)
Back to top
View user's profile Send private message
TenPin
Guru
Guru


Joined: 26 Aug 2002
Posts: 500
Location: Kansas City

PostPosted: Thu Jul 24, 2003 11:34 am    Post subject: Reply with quote

I've always thought having an encrypted root fs would be really thrifty. If for whatever reason the law confiscates your machine then you can be quite smug knowing it would be near impossible for them to retrieve anything.

Another interesting idea would be to have a self destruct system setup so that if for whatever reason you were forced to give away your password then you could give away a specific wrong password that would trigger the hard disks blanking mechanism. This is assuming they have left your setup intact.
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Fri Jul 25, 2003 6:25 am    Post subject: Reply with quote

chadders wrote:
What filesystem is best for a encrypted root?


I have many problems with XFS-over-CryptoAPI-loops with recent kernels. Many I/O errors. From the kerneli-dev mailing list, I see I am not alone.

So although I think XFS is a great filesystem, I would not use it with an encrypted loop.

I've been using ReiserFS for some time now on encrypted loops. Seems fine... well, I have to report that I just lost my entire encrypted partition, which was reiser 3.6 encrypted with kerneli, but I think that has something to do with user error and really bad use of --rebuildtree.

Quote:

but before I make a new root with a 2.6 kernel pretty soon I want to make sure its going to be ok for a long time.


Ooh, then don't use encryption or linux, use something boring. :P

Seriously -- this is all relatively new. Make certain you have backups that you understand. I used an encrypted root for almost a year with no problems once I set it up, but it's a new ball game with the 2.6. kernels -- this setup phase is a real tough one.

I can't get buildinitrd.sh to do anything reasonable for a 2.6 kernel. I've tried many many things. So if you get kerneli to work with encrypted root on 2.6, please let me know!

(Oh, if you're feeling brave, you might want to wait a few days for Resier4
Back to top
View user's profile Send private message
watersb
Apprentice
Apprentice


Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?

PostPosted: Sat Jul 26, 2003 1:47 am    Post subject: Reply with quote

Me again.

New Util-Linux 2.12 in portage

This new one has been released and supports the cryptoAPI in the 2.6 kernel -- but does NOT incorporate the patches from loop-AES that I've posted earlier in this thread.

So I have to look up how to pipe gpg passwd to losetup again... no big deal...

For loop-AES users, this new util-linux should work just like the previous (2.11z unpatched) one; that is, it will work with your loop-AES partition if you had set up your loop-AES partition to use rmd160 password hashing.

The main change here is the support for 2.6 kernel cryptoloop.
Back to top
View user's profile Send private message
esapersona
n00b
n00b


Joined: 17 May 2003
Posts: 16
Location: Perth, Western Australia

PostPosted: Sat Jul 26, 2003 1:53 am    Post subject: Reply with quote

I've been using XFS with loop-AES for a while now (4 months) (and have done a few benchmarks, and I'll be doing more and posting them when I get a round tuit) and I'm surprised to hear that you had IO errors....
But i havn't been using 2.5.x, so I suppose that may have something to do with it...

Which is the best file system?
Don't touch ext3 or JFS. In my benchmarks their results were quite erratic, and I don't like erratic.
I'm using XFS because it loads my mp3s faster. I noticed that doing an ls in my mp3 larger subtrees of my mp3 directory too ages under ext3 and reiser, so I gave xfs a go and am quite impressed...I recommend XFS, but you do run that risk of IO errors that some people get =/
Back to top
View user's profile Send private message
tomaw
Guru
Guru


Joined: 26 Mar 2003
Posts: 429
Location: UK

PostPosted: Sat Jul 26, 2003 6:08 pm    Post subject: Reply with quote

Just a few questions before I go ahead and try all this:

1) What happens when portage upgrades mount?
2) How long would it take (roughly) to encrypt a root partition of 10GB on a Athlon MP 2000 system?
3) Does partimage still work to backup the root system?
_________________
Tom Wesley
Back to top
View user's profile Send private message
viperlin
Veteran
Veteran


Joined: 15 Apr 2003
Posts: 1317
Location: UK

PostPosted: Sat Jul 26, 2003 8:42 pm    Post subject: Reply with quote

1) you will have to copy the mount and umount back over (i made copys in /root/encryption) of mount, umount, swapon, losetup.

2) not sure, if an Athlon MP 2000 is 1GHz and the harddrive is empty then not too long.

3) i assume you use knoppix and partimage, just run the losetup command you used and put in the password, use /dev/loop5 or whatever for the backup instead of the hda3 (or whatever your root partition is)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 7, 8, 9 ... 11, 12, 13  Next
Page 8 of 13

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum