Re: system drive encryption question

2017-04-15 Thread FHDATA
On Wed, 5 Apr 2017, FHDATA wrote: hello, I am not currently using debian as linux OS but considering it ... If I clean install debian (latest of course) and during the install process have its / (system drive) encrypted with pass-phrase then later on, can I add a key, residing on a

Re: system drive encryption question

2017-04-12 Thread Jonathan Dowland
On Thu, Apr 06, 2017 at 03:18:10AM -0700, Rick Thomas wrote: > With the introduction of systemd in Jessie, the mechanism that ran a script > to get a password to decrypt the root disk[1] got broken. I don’t think > there was anything about systemd in particular that made it impossible, it > just

Re: system drive encryption question

2017-04-10 Thread Pascal Hambourg
Le 10/04/2017 à 10:26, Nathanael Schweers a écrit : Pascal Hambourg writes: The procedure in the post you point to is flawed in Debian Jessie (...) I never said that it works on debian. Don't misunderstand me : the procedure works with a minor adjustment, so your

Re: system drive encryption question

2017-04-10 Thread Nathanael Schweers
Pascal Hambourg writes: > The version of GRUB included in Jessie at least can handle an encrypted > /boot. However the Debian installer does not handle this case correctly. > You must add the following line in /etc/default/grub in order for > grub-install to install

Re: system drive encryption question

2017-04-07 Thread Pascal Hambourg
Le 06/04/2017 à 13:10, Nathanael Schweers a écrit : Rick Thomas writes: You need an un-encrypted /boot partition to hold the kernel and initrd, of course… This is not true, although I also thought it to be the case. Grub2 can handle LUKS, so it is possible to encrypt

Re: system drive encryption question

2017-04-07 Thread Frank Weißer
Hi F-, have a look at /etc/default/cryptdisks > # Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes > # mountpoins which are configured in /etc/fstab as arguments. Separate > # mountpoints by space. > # This is useful for keyfiles on removable media. Default is unset.

Re: system drive encryption question

2017-04-06 Thread Nathanael Schweers
Rick Thomas writes: > I used to do this. It worked very well before Jessie came along. > > You need an un-encrypted /boot partition to hold the kernel and > initrd, of course… This is not true, although I also thought it to be the case. Grub2 can handle LUKS, so it is

Re: system drive encryption question

2017-04-06 Thread Rick Thomas
On Apr 6, 2017, at 3:18 AM, Rick Thomas wrote: > I suspect it would not be difficult to implement such a feature again under > recent systemd versions, but nobody’s done it yet — at least as far as I know. > > If I take a stab at implementing such a feature, would you be

Re: system drive encryption question

2017-04-06 Thread Rick Thomas
On Apr 5, 2017, at 4:31 PM, FHDATA wrote: > hello, > > I am not currently using debian as linux OS but > considering it ... > > > If I clean install debian (latest of course) and during > the install process have its / (system drive) > encrypted with pass-phrase > > then

Re: system drive encryption question

2017-04-06 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Apr 05, 2017 at 05:31:38PM -0600, FHDATA wrote: > > > hello, > > I am not currently using debian as linux OS but > considering it ... > > > If I clean install debian (latest of course) and during > the install process have its / (system

system drive encryption question

2017-04-05 Thread FHDATA
hello, I am not currently using debian as linux OS but considering it ... If I clean install debian (latest of course) and during the install process have its / (system drive) encrypted with pass-phrase then later on, can I add a key, residing on a usb flash drive, to that