Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

  1. #11
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,637
    Blog Entries
    3

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by saultdon View Post
    In my case, I really like the LUKS encryption because I can append that initrd option to the end of the mount points found in /etc/crypttab.
    Don't do that with 12.2. In my experience, it causes problems due to the way that plymouth splash handles the encryption key.

    If you are using an encrypted LVM, the that will be handled in the "initrd" anyway. That's why a separate "/boot" is needed.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  2. #12
    Join Date
    Jan 2012
    Location
    BC
    Posts
    178

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by nrickert View Post
    Don't do that with 12.2. In my experience, it causes problems due to the way that plymouth splash handles the encryption key.

    If you are using an encrypted LVM, the that will be handled in the "initrd" anyway. That's why a separate "/boot" is needed.
    Luckily for me, I've removed all plymouth packages and splash* related packages. That sounds like another headache I don't want to deal with.

    I've been running a luks setup on my laptop to test it out earlier today and it's booting fine. I'm betting it's because of the disabled splash/plymouth stuff.
    I use splash=0

    Does LVM require a password when resuming from sleep (suspend to ram)?

  3. #13
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,637
    Blog Entries
    3

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by saultdon View Post
    Luckily for me, I've removed all plymouth packages and splash* related packages.
    I have considered that. I really don't need plymouth. In previous versions, I always modified the boot settings to not use splash. I like to see those messages during boot.

    Quote Originally Posted by saultdon View Post
    I've been running a luks setup on my laptop to test it out earlier today and it's booting fine.
    Great.

    Quote Originally Posted by saultdon View Post
    Does LVM require a password when resuming from sleep (suspend to ram)?
    No, it doesn't.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  4. #14

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by nrickert View Post
    Every time that I have looked at that setting during install, it has been unset already. I never had to do anything.
    Every time I've looked (and I look every time) it has always been set. Today - Thu Sep 13 21:05:00 PDT 2012 - in the setup I'm running right now, it is set...



    I would be really thankful if you would explain to me what I've been missing for so many years in openSUSE setup ... although I don't mind unchecking this option (as I do almost every day).

    I'm not kidding. Prove me that I am wrong and I will apologize for all the criticism I've formulated against openSUSE setup (especially this "destructive" option) in the past years... And what about all Ubuntu dual booters desperatly looking for their Grub after installing openSUSE? (those who were clever enough to ask before and follow my advice did fine). Well, over time, quite many people had the curiosity to look at this settings, uncheck this option and thank me afterwards for preserving their MBR. But nothing is 100% sure. Maybe I've just been hallucinating all the time.

    More seriously, if this option is indeed unchecked in some cases, we would like to know in which case exactly. So how about booting with the install DVD, running the setup, telling us exactly what you select in Boot Loader Installation, clicking on Boot Loader Options ... and reporting what you see there? It shouldn't take longer than 5 minutes. Then, just cancel the installation and you'll be back in business.

    Also, if you're dual booting with WIndows (I think you do on some machines) how about posting findgrub's output? I bet you're using SUSE generic boot code and not WIndows. If so, how come?

    I found an old findgrub output you posted once (http://forums.opensuse.org/english/g...ml#post2367653) but it was version 3.4. Generic MBR detection has been implemented since version 3.7.2 (http://forums.opensuse.org/english/o...ml#post2443550). Latest version is 4.1 (which doesn't fully support Grub2 2.0 - but it's pretty new.)

  5. #15
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    On 2012-09-14 03:56, saultdon wrote:

    > the beast from a suspended (-to ram-) state.
    >
    > I don't know if I can wake from a suspended state and not be bothered
    > with a decryption password to resume the desktop if I decide to use LVM.
    >
    > I'm trying to avoid getting stuck in a scenario where I have to keep my
    > desktop turned on and logged in because of LVM encryption, thought LVM
    > is looking a lot easier to setup.


    It doesn't matter how you encrypt the disk and if you suspend to ram, it is irrelevant. It may
    be an issue if you hibernate (to disk).

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  6. #16
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,637
    Blog Entries
    3

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by please_try_again View Post
    I would be really thankful if you would explain to me what I've been missing for so many years in openSUSE setup ... although I don't mind unchecking this option (as I do almost every day).
    Obviously, I don't know what is happening on your system.

    Recently, I installed on a system with a disk that had been completely wiped. I intended to check and make sure that the flag was set, but I forgot. Fortunately, the system worked after install.

    My best guess is that the installer is checking, and does not install generic boot code if its check shows that there is already generic boot code. Since I leave my systems with generic boot code, it does not default that flag on. I think you usually install grub in the MBR so it would not detect the presence of generic boot code and defauts it to on. To repeat, I am guessing here, based on what I have been seeing.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #17

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by nrickert View Post
    To repeat, I am guessing here, based on what I have been seeing.
    Next time stop guessing, just check! openSUSE writes ist generic boot code into MBR, no matter what's in there: nothing, Grub, another boot loader, Windows generic boot code or another openSUSE generic boot code. It doesn't check (and doesn't care).

  8. #18
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,637
    Blog Entries
    3

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by please_try_again View Post
    Next time stop guessing, just check! openSUSE writes ist generic boot code into MBR, no matter what's in there: nothing, Grub, another boot loader, Windows generic boot code or another openSUSE generic boot code. It doesn't check (and doesn't care).
    Wrong! Wrong! Wrong!

    That, I have been checking. And you are wrong.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  9. #19

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by nrickert View Post
    Wrong! Wrong! Wrong!
    That, I have been checking. And you are wrong.
    You're right (and thus I'm wrong). And you were well inspired in repeating it 3 times. I tried on WIndows 7 and XP virtual machines with openSUSE 12.2 and 12.1 Live CD as well as 11.4 install DVD ... and according to what I saw, the setup didn't intend to overwrite the MBR to my big surprise (option was unchecked). On the systems I usually set up, whith several Linux distros and 3 or more BSDs, it would show no mercy (that, I can tell you). How happy you guys must be to dual boot with Windows! Anyway, I don't know if it would have written its generic boot code after all (that could not be totally excluded) because it failed to resize the partitions and I decided to not to waste my time an hurt my brain any longer with Windows virtual machines.

  10. #20
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,637
    Blog Entries
    3

    Default Re: How to extend my /home "LUKS" encryption to /var, /tmp and swap?

    Quote Originally Posted by please_try_again View Post
    How happy you guys must be to dual boot with Windows!
    I doubt that it make much difference on whether there is the Windows boot code or the opensuse generic boot code, so not much effect on happiness.

    The reason that I have my dual boot systems default to booting Windows, is because they can boot Windows unattended, whereas I have to be there to enter an encryption key for opensuse (using encrypted LVM).

    I recently switched my main desktop to a linux-only system, so I no longer have to reboot it twice a week to update Windows AV.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •