On Sun 29 Apr 2007 09:11:12 NZST +1200, Jochen Hayek wrote:

> May I suggest a change to /etc/init.d/boot.crypto ?

Thanks for that, I second your suggestions. A few days ago I had a play
with an encrypted removable disk. My comments:

1) The only way to create such a disk on removable memory gimmicks,
which are in plentiful supply and very popular, is to go into the yast
disk partitioner, click a few dire warnings "this is only for
advanced..." out of the way, and go all the way with "custom".
Actually same issue with non-encrypted removable storage. Something more
user-friendly would be a good idea for 10.4.

2) The only functional fstab entry I found is:

/dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1 /media/portable2 ext3 loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0

For the reasons Jochen explained, reference by sdXN is useless. The yast
fstab editor (disk partitioner) is unable to create such an entry,
because as soon as "encrypt filesystem" is clicked, the button to enter
the 4 advanced options disappears from the screen. Of those 4 options
(of referencing the partition), only by-ID can work. So the other 3 (by
UUID, etc.) should be greyed out or disappear, but by-ID must stay, in
fact it should be default.

3) The system (tested 10.2) fails to load the cryptoloop module. This
must be loaded manually by root first, or the filesystem can never be
mounted. One could add it to MODULES_LOADED_ON_BOOT. boot.crypto loads
it but *only* if a fixed disk with encrypted fs is also in the system.

4) Optical problem only: If /etc/cryptotab exists, boot.crypto switches
to text console, finds it doesn't have to do anything because I
commented out the lines but don't want to delete them as it has the info
I need for fstab, or because the disk is currently not plugged in, then
switches back to graphics boot screen.

5) The removable disk must be mountable by $user, as the other movable
storage things.

6) There's no desktop auto-popup asking for the fs crypto password.

> I would really enjoy seeing the suggested changes in 10.4 or so ... :-)

Any chance of getting 2-5) into 10.3???

Volker

-- 
Volker Kuhlmann                 is list0570 with the domain in header
http://volker.dnsalias.net/     Please do not CC list postings to me.
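
Added example, not part of the original post or of boot.crypto: a small shell check for points 2, 3 and 5 above. It flags encrypted fstab entries that are not referenced by-id or lack user/noauto, and tests whether a module is loaded. The function names and the optional modules-file argument are assumptions made for this sketch.

```shell
#!/bin/sh
# check_crypto_fstab FILE
# Prints one finding per line for every fstab entry whose options contain
# encryption=...; prints nothing when all such entries pass.
check_crypto_fstab() {
    awk '
    /^[[:space:]]*(#|$)/ { next }            # skip comments and blank lines
    $4 ~ /(^|,)encryption=/ {
        split("", has)                       # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1
        # Kernel names such as /dev/sdb1 can change between plug-ins,
        # so only a /dev/disk/by-id/ path identifies the removable disk.
        if ($1 !~ /^\/dev\/disk\/by-id\//)
            print $2 ": device " $1 " is not a /dev/disk/by-id/ path"
        # Point 5: the disk must be mountable by an ordinary user.
        if (!("user" in has))
            print $2 ": missing option user"
        # A disk that may be unplugged must not be mounted at boot.
        if (!("noauto" in has))
            print $2 ": missing option noauto"
    }' "$1"
}

# module_loaded NAME [FILE]
# Succeeds if NAME is listed in FILE (default /proc/modules).
# Assumption: the driver is built as a module, not into the kernel.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# Typical use on a live system:
#   check_crypto_fstab /etc/fstab
#   module_loaded cryptoloop || echo "cryptoloop not loaded"
```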