after crypt setup, Trisquel does not be loaded

13 replies [Last post]
Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

Hello :)
On librebooted X60s, Trisquel 8, after entered password, "cryptsetup: sda5_crypt set up successfully", the Trisquel mark keeps blinking and nothing happens. What should I do? Thank you.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

If you type Ctrl+Alt+F1, can you log into a text session?

Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

No. But typing Ctrl+Alt+F2 brings a blank page + a blinking cursor (?) on the top left corner. It did not react by typing some alphabetical keys. But after typing Ctrl+Alt+F1, came back to the former screen.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Have you tried booting the previous kernel, from GRUB's menu (in "Advanced options for Trisquel GNU/Linux")?

Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

Recently somehow I have not seen the screen "Advanced options for Trisquel GNU/Linux". I can 'e' and 'c' in GRUB's menu.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Try to press Shift or Esc little after you switch your computer on.

nadebula.1984
Offline
Joined: 05/01/2018

The encrypted volume can be successfully decrypted, so at least you should have no problem to make a backup.

If you want to set up full-disk encryption, it is strongly recommended that you perform a new installation and "erase" the disk (filling with random data).

During installation, re-create the partition table on the destination disk. Create a non-encrypted partition for /boot (and one for /boot/efi, for UEFI/TianoCore payload). Create an encrypted volume using all remaining disk space.

After setting up the password (and random filling) for the encrypted volume, you should create physical volumes (PV) on the encrypted volume, then create volume groups (VG) on the PV, and finally create logical volumes (LV) on the VG.

Once you have configured LVs, you can assign them to different mounting points like /, /home, etc., as well as swap area. Do not create swap area outside the encrypted volume, because this would defeat any security provided by full-disk encryption.

Configuration of full-disk encryption using Debian Installer is quite straightforward. A professional installer should be like this.

jxself
Offline
Joined: 09/13/2010

"Configuration of full-disk encryption using Debian Installer is quite straightforward. A professional installer should be like this."

Trisquel has the same installer on the netinstall ISO.

Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

> The encrypted volume can be successfully decrypted, so at least you should have no problem to make a backup.

I have never succeeded in making a backup on Trisquel.

> Create a non-encrypted partition for /boot (and one for /boot/efi, for UEFI/TianoCore payload).

Why/how to create a non-encrypted partition?? I think it is always automatically full-disk encrypted though.

> Trisquel has the same installer on the netinstall ISO.

I have never succeeded in installing by the netinstall ISO neither.

Or rather, what would be the cause of this trouble?

nadebula.1984
Offline
Joined: 05/01/2018

By encrypting everything other than /boot partition (and ESP, if using UEFI/TianoCore), the attack surface is already minimized.

It is theoretically possible to encrypt the /boot partition as well, but the booting process become weird and tricky, and is therefore not recommended.

It is also theoretically possible to encrypt the swap area and still use hibernation, but again, is not recommended, because hibernation is insecure by nature.

LpSkywalker
Offline
Joined: 06/29/2017

I always have this same problem with Trisquel 8 encryption.

When the screen comes up you have to hit ALT CTRL Delete to reboot the computer which should boot into the screen for Advanced options and choose a older kernel.

It really depends the computer. First you should try the ALT CTRL Delete and log into your current kernel as that is how I boot into Trisquel encryption for Trisquel 8.

If that fails than try an older kernel.

Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

> Try to press Shift or Esc little after you switch your computer on.

> When the screen comes up you have to hit ALT CTRL Delete to reboot the computer

> You might wish to turn to steganography instead.

I don't know which worked because I was not able to see the advanced options screen after all but somehow it loads Trisquel now anyway. Thanks...

> It is also theoretically possible to encrypt the swap area and still use hibernation, but again, is not recommended, because hibernation is insecure by nature.

I don't understand particularly this one.

LpSkywalker
Offline
Joined: 06/29/2017

No problem, I seem to always have to do ALT CTRL Delete to hook the login screen.

If you hit ALT CTRL Delete usually not more than 1 time the 2 options should show up BEFORE the decryption part.

Maybe it might take 2 times in your case. Something to remember anyway, as sometimes Old kernel is needed to fix something.

Masaru Suzuqi -under review-
Offline
Joined: 06/06/2018

Yes, I would need that for expected something future trouble but unfortunately I cannot see the advanced screen anymore. But it's OK. This is not the end of life of mine.