"Full disk encryption install" still relevant?

28 replies [Last post]
GrevenGull
Offline
Joined: 12/18/2017

Hi,

This guide: https://trisquel.info/en/wiki/full-disk-encryption-install seems interesting. Is it still relevant today, considering that the guide is from 2009? :)

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Yes, that guide should still work. Both Trisquel 7 and 8 have the text installer used in the guide. I've used the T7 one multiple times with no problems, although I can't promise that the T8 one will go as smoothly.

GrevenGull
Offline
Joined: 12/18/2017

Screenshot 1: So LVM is Linux's own "partitioning method"? And why is it one "LV root as ext4" and one "LV swap_1 as swap"?

Screenshot 2: What kernel should be chosen?

Screenshot 3: Is it advisable to have automatic updates?

Screenshot 4: What are the differences in the way an email server is set up, sounds interesting. I want to try to set up an email server, what are the differences?

Screenshot 5: wut?

Encrypted_Install_18.png Encrypted_Install_19.png Encrypted_Install_25.png Encrypted_Install_28.png Encrypted_Install_29.png
Magic Banana

I am a member!

Offline
Joined: 07/24/2010

  1. LVM is above partitions and disks. It makes it easier to (re)allocate storage (without altering the partitions and the disks)... for those who learn how to do so. An LVM setup usually has one partition per disk (maybe /boot still needs to be in a separate partition though) but several "logical volumes" that can extend over several disks, be resized online, etc. http://www.tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html explains that with a simple example.
  2. If you do not have specific needs (e.g., people dealing with music recording want low-latency), you can choose a "generic" kernel. "linux-image-generic" will give you the latest image available in the repository. "linux-generic" would additionally install the "headers" but you probably do not need them (unless you need to install external drivers).
  3. Installing security updates is important. They fix vulnerabilities. You may want those kinds of updates to be automatic.
  4. I do not know anything about setting up an email server (apart from the fact that the hard part comes after: not being blacklisted by GMail & co.).
  5. You need a bootloader in the MBR (the first sector of the disk), otherwise the BIOS/UEFI will tell you that the disk has no operating system installed. That bootloader can then "chain load" another bootloader (on a partition). Since you ask, you probably want GRUB installed in the MBR.

GrevenGull
Offline
Joined: 12/18/2017

1. But how do I know what scheme/style the partitions are? Does the LVM just pick something random? And what about partition format?

2. All right, but is this the same as Linux-libre and the jxself stuff?

3. Gotcha. Guess I'll just trust the Trisquel people that they'll continue to make OSes based on freedom :)

4. Haha, all right, I'll look more into it on my own.

5. Hmm, I don't understand this. I thought MBR was a kind of partition scheme/style similar to GPT? Does this mean that I should choose MBR partition scheme/style? Which brings me back to question 1: LVM just chooses the partition settings on my behalf?

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

To understand LVM, you first need to read documentation about it.

The kernels in Trisquel's repository are blob-free, like jxself's. But they are not jxself's. Those are in his repository.

The Master Boot Record is the first sector of a partitioned data storage device. It contains the partition table and the bootloader (well part of it, the "stage 1" in GRUB's terminology; it executes the rest that is in /boot).

GrevenGull
Offline
Joined: 12/18/2017

I thought jxself was just a website where you can get all of the Linux-libre versions. Do you say that Linux-libre and jxself's kernels are two different things?

Also... if I enter the Disk Utility on my MacBook I can choose between three different partition schemes: MBR (Master Boot Record), Apple something and GPT.

If I set up my drive using the GPT, will the first sector still be called MBR? So in that sense "MBR" is the name of several different things?

GrevenGull
Offline
Joined: 12/18/2017

Am I understanding this correctly:

LVM is not so much something you implement "below partition schemes (Master Boot Record/GUID Partition Table etc) and formats (exFAT/NTFS etc)", but rather something you build "instead of" partition schemes and partition formats? Which gives higher level usability than the regular Disk Utility for example?

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

As I wrote earlier:

> LVM is above partitions and disks. It makes it easier to (re)allocate storage (without altering the partitions and the disks)... for those who learn how to do so. An LVM setup usually has one partition per disk (maybe /boot still needs to be in a separate partition though) but several "logical volumes" that can extend over several disks, be resized online, etc. http://www.tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html explains that with a simple example.

So you still have partitions (a disk partitioning utility only sees that) but they do not matter: above them, LVM manages "logical volumes", which offer greater flexibility.

GrevenGull
Offline
Joined: 12/18/2017

> "(...)but they do not matter(...)"

So I do understand it correctly when I say that LVM is not so much something you build "on top of" or "below" my MacBook's Disk Utility. But rather something I build "instead of" my MacBook's Disk Utility? :)

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Read https://en.wikipedia.org/wiki/Logical_volume_management that certainly better explains logical volume management than I.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> Do you say that Linux-libre and jxself's kernels are two different things?

I am saying Trisquel's kernels, although blob-free, do not come from the Linux-libre project.

> I can choose between three different partition schemes: MBR (Master Boot Record), Apple something and GPT.

If you only have GNU/Linux systems, GPT only has advantages. However, it most probably won't make any difference unless your disk size exceeds 2 TiB (in which case you cannot use it all with an MBR partition table).

> If I set up my drive using the GPT, will the first sector still be called MBR?

Yes.

> So in that sense "MBR" is the name of several different things?

No. The MBR is the first sector of the disk. It can contain a traditional partition table or you can have a GPT, another layout for the partition table (what PT stands for).

GrevenGull
Offline
Joined: 12/18/2017

> "I am saying Trisquel's kernels, although blob-free, do not come from the Linux-libre project."

Oh, I see. But jxself's kernels are the same as Linux-libre, right? And those are preferred over Trisquel's kernels? Why?

> "If you only have GNU/Linux systems, GPT only has advantages. However, it most probably won't make any difference unless your disk size exceeds 2 TiB (in which case you cannot use it all with an MBR partition table)."

But in the other reply over here you said the partitioning "doesn't matter" when you go LVM. How come now it matters?

> "No. The MBR is the first sector of the disk. It can contain a traditional partition table or you can have a GPT, another layout for the partition table (what PT stands for)."

Well it kind of is though. If I set up using GPT in Disk Utility, and the first sector of the disk is called MBR. That's one thing. But if I set up using the "MBR" scheme instead of the "GPT" scheme. That's another thing. Am I missing something?

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> But jxself's kernels are the same as Linux-libre, right?

Right.

> And those are preferred over Trisquel's kernels? Why?

They are more recent versions. In particular, they better support recent hardware.

> But in the other reply over here you said the partitioning "doesn't matter" when you go LVM. How come now it matters?

They do not matter but the disk still has to be partitioned. Typically one partition per disk. /boot must be on a separate partition, I believe.

> Am I missing something?

I do not understand your question. You need a partition table. It can be the traditional one or GPT. The main advantage of GPT is that you can use the whole space on disks whose sizes exceed 2 TiB.

GrevenGull
Offline
Joined: 12/18/2017

> "They do not matter but the disk still has to be partitioned. Typically one partition per disk. /boot must be on a separate partition, I believe."

Either they matter or they don't. I can't wrap my head around this sentence of yours:
"They do not matter but the disk has to be partitioned"

If it is so that when one sets up LVM, the whole disk is cleaned and one formats the disk to use the "LVM-scheme" and the "LVM-table"?

> I do not understand your question. You need a partition table. It can be the traditional one or GPT. The main advantage of GPT is that you can use the whole space on disks whose sizes exceed 2 TiB.

It seems as though MBR - Master Boot Record is the name of several different things, which brings confusion. It seems as though MBR can both stand for a file system. But it can also stand for the "first sector of the disk". Hence, it is the name of several different things at the same time?

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> I can't wrap my head around this sentence of yours:
> "They do not matter but the disk has to be partitioned"

Again, read documentation. I gave you several links. Partitions are "physical volumes" divided into "extents". LVM concatenates "extents" into "logical volumes". In the end, the physical volumes do not matter. A logical volume can even contain extents on different disks.

> It seems as though MBR - Master Boot Record is the name of several different things, which brings confusion. It seems as though MBR can both stand for a file system.

Nobody says MBR is a filesystem. XFS, ext4, NTFS, ... are filesystems.

GrevenGull
Offline
Joined: 12/18/2017

> Again, read documentation. I gave you several links.

I'm on it, just discussing with you at the same time.

>Partitions are "physical volumes" divided into "extents".

https://en.wikipedia.org/wiki/Disk_partitioning

"Disk partitioning or disk slicing[1] is the creation of one or more regions on a hard disk or other secondary storage, so that an operating system can manage information in each region separately."

-That's what "partitions are".

https://en.wikipedia.org/wiki/Logical_volume_management#EXTENT

"Most volume-manager implementations share the same basic design. They start with physical volumes (PVs), which can be either hard disks, hard disk partitions, or Logical Unit Numbers (LUNs) of an external storage device."

-"Physical volumes" is a term inside the world of LVM which refer to either hard disks, hard disk partitions or Logical Unit Numbers (LUNs) of an external storage device. That's what "physical volumes are".

When you say "extents" I assume you are referring to "physical extents" in which:

"Volume management treats each PV as being composed of a sequence of chunks called physical extents (PEs)."

-"Physical extents" is a term inside the world of LVM which refer to a sequence of chunks that together make a "Physical Volume".

>LVM concatenates "extents" into "logical volumes".

Yes, can't argue on that part. Except that you could specify what "extents" you are talking about to avoid confusion.

>In the end, the physical volumes do not matter.

What the actual duck is that sentence even supposed to mean? "Physical volumes do not matter"? What are you talking about? In what way do they "not matter"? Please be more specific.

>A logical volume can even contain extents on different disks.

Yeah. Not to be rude, but this has nothing to do with what we are discussing, and this is just you handing out random pieces of information.

So I think it's kind of rude of you to just hand out links and spit out random chunks of information without regards as to what the questions is. It even seems as though you haven't really read them yourself. And then you complain at me because you "assume" that I have not read the links you link to, which it really seems that you haven't read. Anyway...

>Nobody says MBR is a filesystem. XFS, ext4, NTFS, ... are filesystems.

Pardon me. I meant "partition table", not "filesystem".

https://en.wikipedia.org/wiki/Partition_table

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> Except that you could specify what "extents" you are talking about to avoid confusion.

For the implementation in the Linux kernel, there is a one-to-one mapping between physical and logical extents: http://www.tldp.org/HOWTO/LVM-HOWTO/pe.html

That is why, in that implementation (the only one that matters to GNU/Linux users), you can confuse physical extents with logical extents.

> Not to be rude, but this has nothing to do with what we are discussing, and this is just you handing out random pieces of information.

Partitions cannot span over several disks. That is an example of what I keep on telling you: partitions do not matter on a system that uses LVM. The flexibility LVM brings removes the limitations associated with partitions. The disk space can be partitioned or not, on several disks or not. It does not matter once you use LVM.

> https://en.wikipedia.org/wiki/Partition_table

That page rightfully uses the term "MBR partition tables" and not only "MBR". As I keep on telling you, the MBR is the first sector of a disk. It traditionally contains a "bootstrap code area", a whole partition table and a "boot signature". Because the MBR is small, the partition table it contains is even smaller and comes with restrictions. In particular the start addresses of the partitions and their sizes are stored on 32-bit integers, which are therefore limited to 2^32 sectors, which makes 2 TiB.

So, again, the "MBR" is not a "partition table". It would be like saying that the "face" is the "nose" when the nose only is one of the "things" on the face.

GrevenGull
Offline
Joined: 12/18/2017

> For the implementation in the Linux kernel, there is a one-to-one mapping between physical and logical extents: http://www.tldp.org/HOWTO/LVM-HOWTO/pe.html
>
> That is why, in that implementation (the only one that matters to GNU/Linux users), you can confuse physical extents with logical extents.

May I ask of you to elaborate on what you mean when you say "one-to-one mapping"? Also... please don't tell me what matters to me or not...

> Partitions cannot span over several disks.

I know, I have never questioned this anywhere in this thread. I can't grasp your need to throw around information which is unrelated to the discussion.

> That is an example of what I keep on telling you: partitions do not matter on a system that uses LVM.

First thing first: you haven't kept telling me anything consistent in that regard. You have jumped back and forth between "partitions is needed" and "partitions do not matter".
But okay, so you have now landed on the conclusion that there is no need to format a disk in, for example, MacBook's Disk Utility, when one plans to set up LVM, because the LVM completely replaces all the settings I may have been doing in Disk Utility?

> The flexibility LVM brings removes the limitations associated with partitions.

Cool

> The disk space can be partitioned or not, on several disks or not. It does not matter once you use LVM.

So yeah... LVM is not so much something one builds "on top of" or "beside" or etc existing settings in for example Disk Utility. LVM is more something you implement "instead of" the settings one could have made in for example Disk Utility? No?

> That page rightfully uses the term "MBR partition tables" and not only "MBR".

Pardon me, my language usage could have been more specific. So "MBR" and "MBR partitioning table" are two different things, right?

> As I keep on telling you, the MBR is the first sector of a disk.

But what does it actually mean that it is "the first sector of a disk"? So the MBR is purely the name of a physical place inside the disk? Just like "hallway" is the first sector of a house?

> "bootstrap code area"

What's that?

> a whole partition table

As opposed to what?

> "boot signature"

What's that?

> Because the MBR is small, the partition table it contains is even smaller and comes with restrictions.

So a partition table is a "code" or "software" one implements inside the disk and/or the MBR area of the disk which sets the terms for how the disk and/or the MBR area is used?

This might be a stupid question but I don't got any "pride" (which I paradoxically pride myself of not having, but that's a philosophical topic for another day) anyway: Is the MBR located in the "first sector of the disk" because that's where the electricity reaches first?

> So, again, the "MBR" is not a "partition table". It would be like saying that the "face" is the "nose" when the nose only is one of the "things" on the face.

Yeah, I think I understand now. The "MBR" is the first sector of the disk and describes a purely physical place inside the disk which is the "first sector"? And the "MBR partitioning table" is a file system?

Lol at your analogy though

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> May I ask of you to elaborate on what you mean when you say "one-to-one mapping"?

Let us say you always have both the first names and the last names of a bunch of people. You have a one-to-one mapping (mathematicians usually prefer the term "bijection") if all first names are different and all last names are different. So you can identify anybody by its first name or by its last name. You can actually forget about either the first names or the last names and say you have "names".

Substitute "name" with "extent", "first" with "physical" and "last" with "logical" and you understand why, when talking about Linux's LVM, people usually just say "extents", e.g., on https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)

> I can't grasp your need to throw around information which is unrelated to the discussion.

It is not unrelated. It is the clearest example of why disk partitions do not matter once you use LVM.

> First thing first: you haven't kept telling me anything consistent in that regard. You have jumped back and forth between "partitions is needed" and "partitions do not matter".

They are needed but, thanks to LVM, you do not need to care about them. People use LVM because they do not want to care about disk partitions. They just want to consider that they have one single pool of storage that they can logically partition.

> But okay, so you have now landed on the conclusion that there is no need to format a disk in, for example, MacBook's Disk Utility, when one plans to set up LVM, because the LVM completely replaces all the settings I may have been doing in Disk Utility? So yeah... LVM is not so much something one builds "on top of" or "beside" or etc existing settings in for example Disk Utility. LVM is more something you implement "instead of" the settings one could have made in for example Disk Utility? No?

No. You need partitions on the disks. Of the LVM type (+ a non-LVM partition for /boot). People usually have one single large LVM partition per disk. Setup more partitions if you want. It makes no difference afterwards. Your disk utility will only see the partitions. Not the logical volumes.

> So "MBR" and "MBR partitioning table" are two different things, right?

Right. The MBR is the first sector of the disk. It traditionally contains a (MBR) partition table and other things (in particular the "bootstrap code", which is GRUB's stage 1 for GRUB's users). The MBR partition table is, well, a partition table. In a specific "format" (like PNG is an image format).

A GPT is a partition table in another format, whose main interest is to be able to handle absurdly large disks. It brings other benefits, such as not having to care about the difference between a primary partition and an extended partition: GPT typically (it is configurable) supports 128 primary partitions, more than enough. A GPT obviously takes more space than an MBR partition table. It does not fit in one single sector and, as a consequence, it is not stored in the MBR.

> But what does it actually mean that it is "the first sector of a disk"?

A disk is divided into 512-byte sectors, which are ordered. The MBR is the first one, sector 0.

> So the MBR is purely the name of a physical place inside the disk? Just like "hallway" is the first sector of a house?

Yes.

> So a partition table is a "code" or "software" one implements inside the disk and/or the MBR area of the disk which sets the terms for how the disk and/or the MBR area is used?

A partition table is not software. It is data: it lists the first sectors of the partitions, their sizes, their types, etc. The BIOS or the UEFI is software that reads it.

> Is the MBR located in the "first sector of the disk" because that's where the electricity reaches first?

The whole disk is alimented. I guess the MBR is sector 0 because, in this way, the BIOS does not even need to know the size of the disk to boot from it.

> And the "MBR partitioning table" is a file system?

No. The partition table only specifies the partitions, not the way files are stored on them (what a filesystem does). A partition does not even necessarily contain files. A swap partition for instance. Or an LVM partition.

GrevenGull
Offline
Joined: 12/18/2017

> Substitute "name" with "extent", "first" with "physical" and "last" with "logical" and you understand why, when talking about Linux's LVM, people usually just say "extents", e.g., on https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)

No, I can't understand why, when talking about Linux' LVM, people usually just say "extents" because you have two extents. You have the logical one and the physical one. Once again an example of you just randomly throwing around information that's not part of discussion.

> It is not unrelated. It is the clearest example of why disk partitions do not matter once you use LVM.

Let's just agree to disagree here and move on.

> They are needed

Okay, so it does matter what I have done in the Disk Utility before I set up the LVM? It does matter what I choose between GPT and MBR (MBR partition table, Apple just calls it MBR, don't look at me)? It does matter which format I partition the disk in Disk Utility?

> No. You need partitions on the disks.

Why? If LVM comes along later and just completely makes all the work in Disk Utility useless?

> Of the LVM type (+ a non-LVM partition for /boot).

So you're saying that Disk Utility and LVM works together in some way?

> Right. The MBR is the first sector of the disk. It traditionally contains a (MBR) partition table and other things (in particular the "bootstrap code", which is GRUB's stage 1 for GRUB's users). The MBR partition table is, well, a partition table. In a specific "format" (like PNG is an image format).

Allrighty

> A disk is divided into 512-byte sectors, which are ordered. The MBR is the first one, sector 0.

Aha

> Yes.

Awesome

> A partition table is not software. It is data: it lists the first sectors of the partitions, their sizes, their types, etc. The BIOS or the UEFI is software that reads it.

All right, thanks. I don't quite understand this, but I can look more into it by myself.

> The whole disk is alimented. I guess the MBR is sector 0 because, in this way, the BIOS does not even need to know the size of the disk to boot from it.

What does "the BIOS need to know the size of the disk" have to do with anything? How would it help the BIOS locate the MBR if it knew the size of the disk?

> No. The partition table only specifies the partitions, not the way files are stored on them (what a filesystem does). A partition does not even necessarily contain files.

Hmm, ok.

> A swap partition for instance.

What's that?

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> Once again an example of you just randomly throwing around information that's not part of discussion.

Are you always that disagreeable with people answering your question? You asked me what is a one-to-one mapping. I answered to the point with an example I hope you would understand.

If anybody wants to answer GrevenGull (and risks getting that kind of thanks in return), go ahead. I am done here.

GrevenGull
Offline
Joined: 12/18/2017

> Are you always this disagreeable with people answering your question?

1. Are you always this bitter when things do not work out the way you would like things to work out?

2. Maybe I am, maybe I'm not, so?

3. I don't see what's "disagreeable" about my behaviour there.

4. You didn't answer any questions at all, that's the whole thing here. That's the bloody irony here.

> You asked me what is a one-to-one mapping. I answered to the point with an example I hope you would understand.

Yes, that I agree with and that I am thankful for. I was referencing your follow-up in the regard to separating between logical and physical extent.

> If anybody wants to answer GrevenGull (and risks getting that kind of thanks in return), go ahead. I am done here.

Aren't you lovely?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

GrevenGull, I know how easy it is to get frustrated trying to understand things like this. You have to be patient and avoid taking out your frustration on others. I can assure you that Magic Banana is only trying to help. About six months ago I switched from Window$ to Trisquel and had no idea what I was doing. Magic Banana was one of several members of this forum who donated their time to helping me get started. I still have a lot to learn (for instance, I have no idea how LVM works either) but have reached a point where I can pay it forward by helping others with some of these beginning steps. In another six months you'll be able to do the same. Just be patient.

GrevenGull
Offline
Joined: 12/18/2017

Wise words:)

I'll be more patient.

GrevenGull
Offline
Joined: 12/18/2017

I think what you call "traditional partition table" my MacBook calls "MBR - Master Boot Record".

Mangy Dog

I am a member!

I am a translator!

Offline
Joined: 03/15/2015

GrevenGull, you can read this valuable documentation here: http://tldp.org/HOWTO/Partition/index.html
& also the Debian documentation along with Arch's, both very incisive: https://wiki.debian.org/LVM
https://wiki.archlinux.org/index.php/LVM

onpon4
Offline
Joined: 05/30/2012

Did you try "Default" in that menu? The Trisquel installer media has its own menu, but that screen you're showing is from Unetbootin.

This question doesn't belong in this thread, by the way. You should have started a new thread in the Trisquel Users forum.

JustinCB
Offline
Joined: 06/06/2016

The MBR is the first sector on the disk, & it has code to load the OS or the bootloader, then a 4-entry partition table, then a specific 2-byte sequence that tells the BIOS that the drive is bootable. If you need more than 4 partitions, you can use one of the MBR's "partitions" as a link to an extended partition table. GPT is more advanced, & so has more features.
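
The sector-0 layout described in this thread (boot code, a four-entry partition table with 32-bit start and size fields, a two-byte boot signature), decoded in Python as an added example that is not part of any post or of the Trisquel guide. The sample sectors are constructed here, and the offsets 446/510, the `55 AA` signature bytes and the type codes 0x83, 0x8E and 0xEE are the standard MBR values rather than figures quoted in the thread.

```python
import struct

SECTOR = 512                         # bytes per sector, as stated in the thread
TABLE_OFFSET, SIG_OFFSET = 446, 510  # standard MBR offsets (not quoted in the thread)
# One 16-byte entry: status, CHS start, type, CHS end, start sector, sector count.
ENTRY = struct.Struct("<B3sB3sII")
TYPES = {0x05: "extended", 0x0F: "extended (LBA)", 0x82: "Linux swap",
         0x83: "Linux", 0x8E: "Linux LVM", 0xEE: "GPT protective"}
# Start and size are 32-bit sector numbers, hence the 2 TiB ceiling.
MBR_MAX_BYTES = 2**32 * SECTOR


def parse_mbr(sector0: bytes) -> dict:
    """Decode sector 0 into boot code presence, partition entries and signature."""
    if len(sector0) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector0)}")
    parts, warnings = [], []
    for slot in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(
            sector0, TABLE_OFFSET + slot * ENTRY.size)
        if ptype == 0x00:                      # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "name": TYPES.get(ptype, f"unknown (0x{ptype:02x})"),
                      "start": start, "sectors": count, "bytes": count * SECTOR})
    # Entries are data, not code: nothing stops a damaged table from overlapping.
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            warnings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return {
        "signature_ok": sector0[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa",
        "has_boot_code": any(sector0[:TABLE_OFFSET]),
        # A 0xEE entry means the real table is a GPT stored after sector 0.
        "scheme": "gpt" if any(p["type"] == 0xEE for p in parts) else "mbr",
        "partitions": parts,
        "warnings": warnings,
    }


def build_sector(entries, boot_code=b"\x90" * 8, signature=b"\x55\xaa") -> bytes:
    """Constructed input: assemble sector 0 from (status, type, start, count) tuples.
    The boot code is a placeholder, not a real bootloader stage."""
    table = b"".join(ENTRY.pack(s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in entries)
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table.ljust(64, b"\0") + signature


# Constructed samples. The first mirrors the layout discussed in the thread:
# a small non-LVM /boot partition plus one large LVM partition.
LVM_LAYOUT = build_sector([(0x80, 0x83, 2048, 1_048_576),
                           (0x00, 0x8E, 1_050_624, 975_720_448)])
PROTECTIVE = build_sector([(0x00, 0xEE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    for label, sector in (("MBR + LVM", LVM_LAYOUT), ("GPT disk", PROTECTIVE)):
        info = parse_mbr(sector)
        print(label, info["scheme"], "signature ok:", info["signature_ok"])
        for p in info["partitions"]:
            print(f"  slot {p['slot']}: {p['name']:<15} start={p['start']:>10} "
                  f"size={p['bytes'] / 2**30:.1f} GiB bootable={p['bootable']}")
        for w in info["warnings"]:
            print("  warning:", w)
    print("largest size an MBR entry can describe:", MBR_MAX_BYTES // 2**40, "TiB")
```

To inspect a real disk, pass the first 512 bytes of the device or of a disk image to `parse_mbr`; reading a block device usually requires root.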