encrypted / filesystem during installation - openSUSE 12.3

I have tried to install openSUSE 12.3 with encrypted /, swap and /home but it keeps giving me the error that says I cannot install a system with encrypted /, /usr, etc.

This, however, does not match the documentation. The official openSUSE 12.3 security guide says my setup should be possible. Here is the link - openSUSE 12.3: Security Guide

I have tried using both network installation and DVD images (64-bit both) and as both virtual machine and bare metal installation. I have a working network connection that the installer does recognize but it does not give the popup as described in the security guide (link above).

Online searches repeatedly lead me to older documentation pages, like this one - https://en.opensuse.org/SDB:Encrypted_root_file_system

My question is - What am I doing wrong here? Is it not possible to install a fully encrypted system (except /boot)?

Thanks.

Hi,

This is possible, I use it myself. You need to choose an LVM-based layout; have you?

regards fl0

Thanks for the reply.

I have no use for LVM on my laptop! Is it not possible without LVM?

This looks pretty generic and does not give any explicit statement about whether this is possible or not.

Is it not possible to install a fully encrypted system (except /boot)?

Yes, it is possible. But you never mentioned unencrypted /boot so far.

It is possible. I did such installs.

If it is possible (which is what I would expect), what am I doing wrong? I have mentioned that /boot is unencrypted in my OP (guess, it’s cryptic :D) I have followed exactly what it says in the security guide!

In other words, what is that one magic step I am missing? :wink:

On 08/09/2013 07:16 PM, serviceemailstart wrote:
> I have mentioned that /boot is unencrypted in my OP (guess, it’s cryptic
> :D) I have followed exactly what it says in the security guide!
>
> In other words, what is that one magic step I am missing?:wink:

I have never done it, but is /boot in the / partition, or is it in a
separate partition? (The way I read it, /boot can’t be encrypted, so
therefore it can’t be inside an encrypted / partition…and your
error says no encrypted /usr and etc (what is etc??))

so to me it seems you need these partitions
/usr on an unencrypted partition
‘etc’ on the same unencrypted partition (is that /etc???)
/swap on a different unencrypted partition
/home on an encrypted partition
/ on a different encrypted partition

But it really makes no sense to put the system files in an encrypted
partition…so I would put /bin, /sbin and some others (that I don’t
wanna take the time now to think through) on that non-encrypted
partition holding /usr and whatever they mean by ‘etc’.

is that what you tried?


dd
http://tinyurl.com/DD-Caveat
http://tinyurl.com/DD-Complaints

OK, I take it back. It appears yast indeed won’t let you go past this point. I think I used LVM on top of encrypted partition indeed.

Thanks for your response. Apologies for not being clearer. This is the one partition setup I have tried.

/boot - ext4 - not encrypted - 500 MB (sda1)

sda2—sda3
/ - Encrypted (ext4) - 6 GB (if VM), 50 GB (if bare metal)
swap - Encrypted (ext4) - 2 GB (if VM), 4 GB (if bare metal)

So, pretty much everything (/usr, /etc(typo earlier, sorry!), /home) is in that single partition - / - which is what I want to encrypt.

I have also tried -

/boot - ext4 - not encrypted - 500 MB (sda1)

sda2—sda4
/ - Encrypted (ext4) - 6 GB (if VM), 50 GB (if bare metal)
/home - Encrypted (ext4) - 50 GB (bare metal only)
swap - Encrypted (ext4) - 2 GB (if VM), 4 GB (if bare metal)

Neither of the schemes works! This is very similar to what I use on almost all other Linux installations (Fedora and Xubuntu) which is what I am trying to get to work in openSUSE! :slight_smile:

Is there something I am doing wrong here? :dont-know:

In my experience, the installer won’t allow that.

The way that supposedly works, is to install on a different partition. Then copy the installed system to the encrypted partition, chroot() to it and run “mkinitrd”. This seems like too much hard work.

The alternative, which I have not tested, is this:

Make your partition (sda3) into an encrypted LVM containing only a single volume. Install into that. After the install is complete, edit “fstab” and “crypttab” to include the swap partition.

Personally, I use an encrypted LVM with separate root, home, swap volumes. And that goes smoothly.
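
A way to check the result of the layouts discussed above once the system is installed: walk the block-device tree and report every mounted filesystem or active swap area that is not stacked on a dm-crypt device, allowing only /boot. This is an added example, not part of the thread; it assumes a util-linux whose `lsblk` supports `-J`, and the device names in the sample are constructed.

```python
import json

# Constructed sample in the shape of `lsblk -J -o NAME,TYPE,MOUNTPOINT`
# (assumption: a util-linux new enough to support -J). Layout: plain /boot,
# an encrypted LVM holding a single root volume, and a swap partition that
# has not yet been added to crypttab.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "cr_sda3", "type": "crypt", "mountpoint": null, "children": [
        {"name": "system-root", "type": "lvm", "mountpoint": "/"}
      ]}
    ]}
  ]}
]}
"""

def mount_encryption(lsblk_json):
    """Map each mountpoint to True if it sits on top of a dm-crypt device."""
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mp = node.get("mountpoint")
        if mp:
            # The same key can be seen more than once (several swap areas,
            # or a volume listed under each of its parents): it only counts
            # as encrypted if every occurrence is below a crypt device.
            result[mp] = result.get(mp, True) and under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def unencrypted_mounts(lsblk_json, allowed=("/boot",)):
    """Mountpoints (including active swap) that are not backed by dm-crypt."""
    status = mount_encryption(lsblk_json)
    return sorted(mp for mp, enc in status.items()
                  if not enc and mp not in allowed)

if __name__ == "__main__":
    # On a live system, feed in the output of:
    #   lsblk -J -o NAME,TYPE,MOUNTPOINT
    for mp in unencrypted_mounts(SAMPLE):
        print("not encrypted:", mp)
```

For the sample, the only finding is the swap partition, which is the state of the single-volume encrypted LVM install before swap has been added to “crypttab” and “fstab”.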

On 2013-08-09 19:16, serviceemailstart wrote:
>
> If it is possible (which is what I would expect), what am I doing wrong?
> I have mentioned that /boot is unencrypted in my OP (guess, it’s cryptic
> :D) I have followed exactly what it says in the security guide!
>
> In other words, what is that one magic step I am missing? :wink:

That you have to do it manually, YaST will not do it for you. You have
to follow the old guide you pointed to, and adapt it for a current
distro version.

I have a virtual system where I’m attempting to do it, but so far I’m
stuck, too many things to do on my plate.

YaST instead will use an encrypted LVM. Once the developers managed to
do that some versions ago, they disregarded any other method.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2013-08-09 20:16, serviceemailstart wrote:
> Is there something I am doing wrong here? :dont-know:

Not wrong - unsupported.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

It appears that’s the route to go then. I was worried that I was doing something stupid! :smiley:

LVM it is, then! Thanks for all the replies, folks! :slight_smile:

On 2013-08-09 21:06, serviceemailstart wrote:
>
> It appears that’s the route to go then. I was worried that I was doing
> something stupid! :smiley:
>
> LVM it is, then! Thanks for all the replies, folks! :slight_smile:

You could consider entering a feature in openFATE requesting root
encryption without LVM. Have a look at “Support installation with
encrypted root file system”, the last comment.

Apparently other distributions can do it.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)