Trouble installing with full disk encryption
Hello,
I'm new to Trisquel but not entirely new to GNU/Linux. I've been trying to install Trisquel on a T60p laptop using the text installer so I can set up LUKS for full disk encryption. If I use the guided setup option to use an encrypted disk, it fails. If I do a manual setup, if I try to use aes-xes-plain64, it also fails. If I instead choose one of the CBC or EBC options, everything proceeds as expected.
Is this normal? I'm conjecturing aes-xes-plain64 may not be completely free, or perhaps relies on blobs in the kernel that are not present?
(I know down the road I'll probably have issues with the ATI FireXL graphics in this machine, but I'm hoping things will work well enough without acceleration to be usable. I'd like to eventually more this machine to Coreboot.)
On Thu, Feb 13, 2014 at 04:12:27PM +0100, name at domain wrote:
> I'm new to Trisquel but not entirely new to GNU/Linux. I've been
> trying to install Trisquel on a T60p laptop using the text installer
Talk about timing, I got a T60 last night - and Encrypted LVM failed for me as well from expert install! I restarted the process twice, same result both times = red screen with Failed on it :(
The exact same process works fine on my Asus EEE machines (several different models), so I do believe this has something to do with the T60 specifically. I haven't searched online yet for a resolution/cause as of yet...
I'm certainly now looking forwared to any other relies this post gets. I'll certainly let you know if I find anything.
> (I know down the road I'll probably have issues with the ATI FireXL
> graphics in this machine, but I'm hoping things will work well
> enough without acceleration to be usable. I'd like to eventually
> more this machine to Coreboot.)
The ATI is going to be an issue! I have Intel in my T60.
My reason for purchasing this machine is to eventually put Coreboot (libre version), on here as well - I haven't done this before, and am certainly a bit nervous about it, honestly. Will certainly start researching it soon however.
Best of luck!
Well, I can tell you how to get around it and still encrypt the disk:
1) Select manual partitioning
2) Create a ~300MB partition, set it to ext4, set it's mount point to /boot. Make sure to set it bootable.
3) Create a partition about 1 to 1.5 the size of your physical ram to be used as an encrypted swap space (some people like to do this, some don't - up to you.) Set the type as space for encryption (not swap), set the passphrase type as "random passphrase". Make sure to set the IV method to cbc-essiv:sha256
4) Create your data partition. set it also as physical space for encryption, but leave it set for a password/passphrase rather than random. Likewise, remember to change the IV method from xts-plain64 to cbc-essiv:sha256
5) Use the option to initialize encryption.
6) Use the Create encrypted volumes option. Select the two encrypted partitions you just set up.
7) Finish the encryption setup. It should ask you for only one passphrase (you enter it twice for verification)
8) When you get back, it should have already set the smaller encrypted partition to "swap". Select the other one and set it to mount as your root partition.
9) Continue on your way.
There are probably some implications to changing the IV method from xts-plain64 to cbc-essiv:sha256, so if that's important to you make sure to research them - I know Ubuntu used to default to cbc-essiv and now goes to xts-plain64, so I'm assuming it has enhanced security. At least this way you aren't completely without a full disk encryption option however.
Also I typed that all up from the top of my head, so I'm sure I misnamed something - let me know if you need my help and I can run through it and tidy up my descriptions.
As to why xts-plain64 causes a failure on the T60, I haven't worked out. It worked fine in a VirtualBox install I just did. Perhaps it's processor related?
By the way, I have a couple of these - it should run well for you on the base T60 with Intel graphics, but you'll probably need a usb wifi adapter if you don't already have one. The t60p is a tragedy- it comes with an Atheros wifi card but the ATI graphics :( The other real bummer is the T60s with nVidia - the graphics work with nouveau but the quality of the video hardware was pretty spotty. At the computer recycler where I got my T60s they told me they pretty much junk the nVidia ones straight away since they cause them a lot of problems.
On Thu, Feb 13, 2014 at 06:30:28PM +0100, name at domain wrote:
> Also I typed that all up from the top of my head, so I'm sure I
> misnamed something - let me know if you need my help and I can run
> through it and tidy up my descriptions.
THANKS so much.
> By the way, I have a couple of these - it should run well for you on
> the base T60 with Intel graphics, but you'll probably need a usb
> wifi adapter if you don't already have one. The t60p is a tragedy-
> it comes with an Atheros wifi card but the ATI graphics :( The other
My T60 comes with Intel Wireless 3945ABG, which I assumed would work OOTB with Trisquel - you're right, it doesn't, relies on some non-free firmware crap :(
Thanks again!