How to install GPT on BIOS & full disk encryption (with boot)?
How to install FULL disk encryption (including /boot) with GPT on BIOS?
I used text mode install, created /boot, /, /home and swap partitions on big encrypted bootable LVM, then added encryption option in GRUB, changed LVM partition type (GRUB BIOS) and installed it. After rebooting, GRUB cannot detect cryptodisk and FS is crashed. Now I'm going to do dd if=/dev/zero of=/dev/sda, then another deleting data function (in install) and reinstall…
In short words:
Bootable encrypted LVM with /boot and / partitions. I changed type to bios_grub:
$ sudo parted /dev/sda
(parted) set 1 bios_grub on (from http://www.wensley.org.uk/gpt)
(parted) quit
something about fstab
Then GRUB install and FS is crashed.
P. S. http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
P. P. S. I used only these parted commands from the first website.
> Now I'm going to do dd if=/dev/zero of=/dev/sda, then another deleting data function (in install) and reinstall…
I assume you already did that before and during the first installation (the one that gave you the zombie fs), so, if the assumption is correct, why in the world would you do that again?
My guess is you really enjoy wasting time.
No, I successfully created full disk encryption without /boot on MBR. My first question is how to enable bios_grub without destroying the FS.
P. S. What is the best (as in freedom) partition table? And what is the best FS for SERVER (free as in freedom, too)?
A partition table is just data that specifies where partitions begin and end. Whatever the type of partition table, the format is well-documented and tools like GNU parted can read/write it. All filesystems in Linux are under the GNU GPL.
How to install GRUB on GPT with BIOS without crashing FS?
P. S. Can I make UEFI firmware replace BIOS? Or are UEFI motherboards different from BIOS ones?
I have never done that but that seems to be a solution: http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
Can I encrypt 1MB bootable BIOS partition? Can I include it in LVM group?
P. S. Reinstall again!
I do not think a BIOS boot partition can be encrypted since it contains part of the bootloader (and only that).
Maybe, MBR?
You cannot encrypt an MBR. But what is the point of encrypting a partition table or the code of a bootloader?
I want to encrypt all partitions.
I will not use BIOS passwords because these passwords can create problems with flashing Libreboot.
P. S. Does default Libreboot support UEFI?
https://libreboot.org/docs/hcl/index.html#supported_list
You can want an encrypted MBR as much as you want but it won't happen unless the encryption is hardware-based (and I doubt there is free disk firmware, so I would not trust those): https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption
I am pretty sure the same holds for a BIOS boot partition.
Ok, I will use MBR.
P. S. No free firmwares? Computers are evil.
Help me.
Nope :)
...who sang...anarchy in the ...??
PS : it doesn't hurt..
"\°v°/"
I will wait one day, then I will install OS on MBR.
Do I need to create FS on BIOS boot partition?
What is --root-directory (GRUB 2)? It's / or /boot?
There is no filesystem (hence no file) on a BIOS boot partition. That concept is unknown to the BIOS. Your BIOS boot partition only has GRUB's stage 1.5 code, which includes drivers to read all the popular filesystems. In this way stage 2 can be in regular files in /boot/grub, kernel images can be loaded by their paths, etc.
'grub-install' has not had a --root-directory option since GRUB 1.99. It still has a --boot-directory option though. It specifies, well, the boot directory, i.e., /boot by default. It is useful when installing from a live system (otherwise 'grub-install' will consider the /boot of the live system).
And which partition is bootable?
If by that you mean "which partition must have the boot flag", the answer is none. The BIOS boot partition must have the bios_grub flag though.
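Added illustration, not part of any post in this thread: on GPT, parted's bios_grub flag is stored as the partition type GUID 21686148-6449-6E6F-744E-656564454649, while "Legacy BIOS bootable" is a separate attribute bit (bit 2). The Python below parses a constructed in-memory GPT (1 MiB BIOS boot partition plus one LUKS partition), verifies the header and entry-array CRCs, and reports both; all function names are hypothetical.

```python
import struct, uuid, zlib

SECTOR = 512
BIOS_BOOT = uuid.UUID("21686148-6449-6e6f-744e-656564454649")  # type set by bios_grub
LUKS = uuid.UUID("ca7d7ccb-63ed-4c53-861c-1742536059cc")       # Linux LUKS container
HDR = "<8sIIIIQQQQ16sQIII"  # GPT header fields, 92 bytes
ENT = "<16s16sQQQ72s"       # GPT partition entry, 128 bytes

def build_sample_image():
    """Constructed sample: first 34 sectors of a 64 MiB disk with two partitions."""
    parts = [(BIOS_BOOT, 2048, 4095, 0, "grub"), (LUKS, 4096, 131038, 0, "crypt")]
    entries = b"".join(
        struct.pack(ENT, t.bytes_le, uuid.uuid4().bytes_le, first, last, attrs,
                    name.encode("utf-16-le"))
        for t, first, last, attrs, name in parts).ljust(128 * 128, b"\0")
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, 131071, 34, 131038,
              uuid.uuid4().bytes_le, 2, 128, 128, zlib.crc32(entries)]
    fields[3] = zlib.crc32(struct.pack(HDR, *fields))  # CRC taken with CRC field = 0
    header = struct.pack(HDR, *fields).ljust(SECTOR, b"\0")
    return bytes(SECTOR) + header + entries  # LBA 0 left blank, LBA 1, LBA 2..33

def read_gpt(image):
    """Return [(number, type_guid, first_lba, last_lba, attrs)] after CRC checks."""
    h = list(struct.unpack_from(HDR, image, SECTOR))
    if h[0] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    stored, h[3] = h[3], 0
    if zlib.crc32(struct.pack(HDR, *h)) != stored:  # assumes the usual 92-byte header
        raise ValueError("GPT header CRC mismatch")
    start, count, size = h[10] * SECTOR, h[11], h[12]
    table = image[start:start + count * size]
    if zlib.crc32(table) != h[13]:
        raise ValueError("partition entry array CRC mismatch")
    out = []
    for i in range(count):
        t, _, first, last, attrs, _ = struct.unpack_from(ENT, table, i * size)
        if any(t):  # an all-zero type GUID marks an unused slot
            out.append((i + 1, uuid.UUID(bytes_le=t), first, last, attrs))
    return out

def bios_boot_report(image):
    """Byte size of each BIOS boot partition, and partitions with legacy_boot set."""
    parts = read_gpt(image)
    bios = {n: (last - first + 1) * SECTOR
            for n, t, first, last, _ in parts if t == BIOS_BOOT}
    legacy = [n for n, *_, attrs in parts if attrs & (1 << 2)]  # attribute bit 2
    return bios, legacy

if __name__ == "__main__":
    print(bios_boot_report(build_sample_image()))
```

To check a real disk, pass the first 34 sectors read from the device instead of the constructed image.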
Oh no. I marked LVM as bootable.
Can GRUB_BIOS be in (encrypted) LVM?
With GRUB in the MBR, the boot flag is not used. grub_bios is the BIOS boot partition: https://trisquel.info/forum/how-install-gpt-bios-full-disk-encryption-boot#comment-104804
Ok. The last questions:
1. Can bootable BIOS partition be in LVM?
2. Can bootable BIOS partition be in encrypted LVM?
3. If I will check "Yes" for /home encryption and then create big LVM with /boot, /home, / and swap — can I use Hibernate on my laptop after this?
I have already told you: unless we are talking about hardware-based encryption (we are not), the BIOS boot partition cannot be encrypted. And I see no reason to manage it with LVM (it is 1 MB large) or to encrypt it (it only contains GRUB's stage 1.5).
I have never used LVM but I doubt you can have logical volumes inside logical volumes. There are ways to encrypt the swap and still be able to hibernate: https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap
Why not follow https://trisquel.info/en/wiki/full-disk-encryption-install ?
I am following the Ubuntu guide: manual disk partitioning & data erase on.
Help me…
I'm pretty sure MagicBanana was helping you... by telling you what you want is not currently possible. It's obviously not what you want to hear but there's nothing we (or you) can do about it, unless you add designing an entirely new way for computers to function as we know it to your growing list of projects that is.
..and the patience award of the year goes to..
https://s-media-cache-ak0.pinimg.com/originals/90/79/02/907902e68927062117ff80840e212c6d.jpg
Here's some mushrooms..
Attachment | Size |
---|---|
StasiCheckGameOver.ogg_.bz2 | 215.67 KB |
Ok, my partition table is:
1. no fs biosgrub 1MB (do I need to set "Legacy BIOS bootable" from gnome-disks?)
2. Encrypted LUKS LVM:
2.1. ext4 /boot 1GB
2.2. ext4 / 100GB
2.3. ext4 /home ~200 GB
2.4 swap 4 GB
I need help. This is my last question before installation.
Again: the "boot" flag is not used if GRUB is installed in the MBR.
100 GB for / looks far too much. You will probably end up using 10% of it (more if you install heavy video games). 1 GB for /boot is a lot too since a kernel requires about 50 MB and you do not need twenty different kernels (only the last one and another one that, for sure, drives well all your hardware). But, well, it only is 1 GB.
HELP ME. THIS IS LAST QUESTION.
Ok. I will try to install the OS.
Answer 1: 20 GB for root is not enough for me.
Answer 2: I want to try to install Hurd and (maybe) deblobbed *BSD.
*: RAM == 2 GB
Hurd must be much smaller than Linux. And, I believe, so does BSD's kernel. You had better use Debian if you want to try such things because the packages must be ported to work with alternative kernels.
Debian has non-free and contrib repos.
Yes. They are bad. Do not enable those.