On 2014-02-08 07:16, rentpayer wrote:
> On 2014-02-08 05:46, arvidjaar wrote:
>> Please show /etc/crypttab. Wonna bet you have “tmp” option there for
> cr_var_2 /dev/disk/by-id/ata-ST3500413AS_5VMPV5Y6-part5 none none
> cr_swap /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part8 /dev/urandom swap
> cr_ata-ST3500413AS_5VMPV5Y6-part6 /dev/disk/by-id/ata-ST3500413AS_5VMPV5Y6-part6 none none
> cr_tmp /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part7 none none
> cr_var /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part1 /dev/urandom tmp
And arvidjaar is right, you have!
The man page says:
The encrypted block device will be prepared for using it as /tmp;
it will be formatted using mke2fs(8). This option implies plain.
As it is a totally new filesystem on every boot, it gets defaults
permissions; thus you have to set them yourself on every boot, too. Or
so I would understand, because you’d get those permissions wrong since
I would not use the tmp option, but perhaps neither the urandom one.
Very secure aka paranoid, but also slower boot and side effects, IMO.
> Evidently my various pre-existing partitions, interacting with the
> installer, got me in a strange naming situation, which caused some
> update to result in this problem.
> (Somewhere I got the idea that having
> smaller partitions was better because they would be easier to back up,
> but maybe that is no longer true.)
No, it is true, but it depends on what you use as backup media. Someone
I read often used partition of about 4 GiB so that they would fit on a
DVD each. Too small nowdays.
> robin-listas observed that
> Ah! Your “/” is not encrypted, you are not using LVM. I understand now.
I cannot recall now why I did not think LVM was appropriate here. And
the installer would not allow me to encrypt “/”
No, you can’t encrypt “/” with the YaST installer. To do that you need
manual action, and not simple as that (I don’t have it clear what those
actions are and the implications for upgrades).
The YaST way for full system encryption is to create a single encrypted
space, which is given to an LVM container. Inside you have root, home,
As it is a single space, you get only one password prompt. It requires a
separate /boot partition, unencrypted.
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))