Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: encrypted / filesystem during installation - openSUSE 12.3

  1. #1

    Post encrypted / filesystem during installation - openSUSE 12.3

    I have tried to install openSUSE 12.3 with encrypted /, swap and /home but it keeps giving me the error that says I cannot install a system with encrypted /, /usr, etc.

    This, however, does not match the documentation. The official openSUSE 12.3 security guide says my setup should be possible. Here is the link - openSUSE 12.3: Security Guide

    I have tried using both network installation and DVD images (64-bit both) and as both virtual machine and bare metal installation. I have a working network connection that the installer does recognize but it does not give the popup as described in the security guide (link above).

    Online searches repeatedly lead me to older documentation pages, like this one - https://en.opensuse.org/SDB:Encrypted_root_file_system

    My question is - What am I doing wrong here? Is it not possible to install fully encrypted system (except /boot)?

    Thanks.

  2. #2
    Join Date
    Jul 2011
    Location
    Germany
    Posts
    24

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Hi,

    this is possible, i use it myself. You need to choose an LVM based layout, have you?

    regards fl0

  3. #3

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by fl0 View Post
    Hi,

    this is possible, i use it myself. You need to choose an LVM based layout, have you?

    regards fl0
    Thanks for the reply.

    I have no use for LVM on my laptop! Is it not possible without LVM?

  4. #4
    Join Date
    Sep 2012
    Posts
    5,132

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by serviceemailstart View Post
    it keeps giving me the error that says I cannot install a system with encrypted /, /usr, etc.

    This, however, does not match the documentation. The official openSUSE 12.3 security guide says my setup should be possible. Here is the link - openSUSE 12.3: Security Guide
    This look pretty generic and does not give any explicit statement about whether this is possible or not.
    Is it not possible to install fully encrypted system (except /boot)?
    Yes, it is possible. But you never mentioned unencrypted /boot so far.

  5. #5
    Join Date
    Sep 2012
    Posts
    5,132

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by serviceemailstart View Post
    Is it not possible without LVM?
    It is possible. I did such installs.

  6. #6

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    If it is possible (which is what I would expect), what am I doing wrong? I have mentioned that /boot is unencrypted in my OP (guess, it's cryptic ) I have followed exactly what it says in the security guide!

    In other words, what is that one magic step I am missing?

  7. #7
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    On 08/09/2013 07:16 PM, serviceemailstart wrote:
    > I have mentioned that /boot is unencrypted in my OP (guess, it's cryptic
    > ) I have followed exactly what it says in the security guide!
    >
    > In other words, what is that one magic step I am missing?


    i have never done it but, is /boot in the / partition, or is it in a
    separate partition? (the way i read it /boot can't be encrypted so
    therefore it can't be inside an encrypted / partition....and your
    error says no encrypted /usr and etc (what is etc??)

    so to me it seems you need these partitions
    /usr on an unencrypted partition
    'etc' on the same unencrypted partition (is that /etc???)
    /swap on a different unencrypted partition
    /home on a encrypted partition
    / on a different encrypted partition

    but, it really makes no sense to put the system files in an encrypted
    partition...so i would put /bin, /sbin and some others (that i don't
    wanna take the time now to think through on that non-encrypted
    partition holding /use and what ever they mean by 'etc'

    is that what you tried?

    --
    dd
    http://tinyurl.com/DD-Caveat
    http://tinyurl.com/DD-Complaints

  8. #8
    Join Date
    Sep 2012
    Posts
    5,132

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by serviceemailstart View Post
    If it is possible (which is what I would expect), what am I doing wrong?
    OK, I take it back. It appears yast indeed won't let you go past this point. I think I used LVM on top of encrypted partition indeed.

  9. #9

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by DenverD View Post
    On 08/09/2013 07:16 PM, serviceemailstart wrote:
    > I have mentioned that /boot is unencrypted in my OP (guess, it's cryptic
    > ) I have followed exactly what it says in the security guide!
    >
    > In other words, what is that one magic step I am missing?


    i have never done it but, is /boot in the / partition, or is it in a
    separate partition? (the way i read it /boot can't be encrypted so
    therefore it can't be inside an encrypted / partition....and your
    error says no encrypted /usr and etc (what is etc??)

    so to me it seems you need these partitions
    /usr on an unencrypted partition
    'etc' on the same unencrypted partition (is that /etc???)
    /swap on a different unencrypted partition
    /home on a encrypted partition
    / on a different encrypted partition

    but, it really makes no sense to put the system files in an encrypted
    partition...so i would put /bin, /sbin and some others (that i don't
    wanna take the time now to think through on that non-encrypted
    partition holding /use and what ever they mean by 'etc'

    is that what you tried?
    Thanks for your response. Apologies for not being clearer. This is the one partition setup I have tried.

    /boot - ext4 - not encrypted - 500 MB (sda1)

    sda2---sda3
    / - Encrypted (ext4) - 6 GB (if VM), 50 GB (if bare metal)
    swap - Encrypted (ext4) - 2 GB (if VM), 4 GB (if bare metal)

    So, pretty much everything (/usr, /etc(typo earlier, sorry!), /home) is in that single partition - / - which is what I want to encrypt.

    I have also tried -

    /boot - ext4 - not encrypted - 500 MB (sda1)

    sda2---sda4
    / - Encrypted (ext4) - 6 GB (if VM), 50 GB (if bare metal)
    /home - Encrypted (ext4) - 50 GB (bare metal only)
    swap - Encrypted (ext4) - 2 GB (if VM), 4 GB (if bare metal)

    Neither of the schemes work! This is very similar to what I use on almost all other Linux installations (Fedora and Xubuntu) which is what I am trying to get to work in openSUSE!

    Is there something I am doing wrong here?

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,623
    Blog Entries
    3

    Default Re: encrypted / filesystem during installation - openSUSE 12.3

    Quote Originally Posted by serviceemailstart View Post
    Thanks for your response. Apologies for not being clearer. This is the one partition setup I have tried.

    /boot - ext4 - not encrypted - 500 MB (sda1)

    sda2---sda3
    / - Encrypted (ext4) - 6 GB (if VM), 50 GB (if bare metal)
    swap - Encrypted (ext4) - 2 GB (if VM), 4 GB (if bare metal)

    So, pretty much everything (/usr, /etc(typo earlier, sorry!), /home) is in that single partition - / - which is what I want to encrypt.
    In my experience, the installer won't allow that.

    The way that supposedly works, is to install on a different partition. Then copy the installed system to the encrypted partition, chroot() to it and run "mkinitrd". This seems like too much hard work.

    The alternative, which I have not tested, is this:

    Make your partition (sda3) into an encryted LVM containing only a single volume. Install into that. After the istall is complete, edit "fstab" and "crypttab" to include the swap partition.

    Personally, I use an encrypted LVM with separate root, home, swap volumes. And that goes smoothly.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •