Volker Kuhlmann wrote:
> On Sun 29 Apr 2007 09:11:12 NZST +1200, Jochen Hayek wrote:
>
> > May I suggest a change to /etc/init.d/boot.crypto ?
>
> Thanks for that, I second your suggestions. A few days ago I had a play
> with an encrypted removable disk. My comments:
>
> 1) The only way to create such a disk, on a removable memory gimmick
> which are of plentiful supply and very popular, is to go into yast disk
> partitioner and to click a few dire warnings "this is only for
> advanced..." out of the way, and going all the way with "custom".
> Actually same issue with non-encrypted removable storage. Something more
> user-friendly would be a good idea for 10.4.
>
> 2) The only functional fstab entry I found is:
>
> /dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1
> /media/portable2 ext3
> loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0
>
> For the reasons Jochen explained, reference by sdXN is useless. The yast
> fstab editor (disk partitioner) is unable to create such an entry,
> because as soon as "encrypt filesystem" is clicked, the button to enter
> the 4 advanced options disappears from the screen. Of those 4 options
> (of referencing the partition), only by-ID can work. So the other 3 (but
> UUID, etc) should be greyed out or disappear, but by-ID must stay, in
> fact it should be default.

That's unrelated to boot.crypto. Please consider filing a bug for YaST.

> 3) The system (tested 10.2) fails to load the cryptoloop module. This
> must be loaded manually by root first, or the filesystem can never be
> mounted. One could add it to MODULES_LOADED_ON_BOOT. boot.crypto loads
> it but *only* if a fixed disk with encrypted fs is also in the system.

10.3 boot.crypto will not use cryptoloop so that problem should be obsolete.

> 4) Optical problem only: If /etc/cryptotab exists, boot.crypto switches
> to text console, finds it doesn't have to do anything because I
> commented out the lines but don't want to delete them as it has the info
> I need for fstab, or because the disk is currently not plugged in, then
> switches back to graphics boot screen.

Please file a bug and assign it to me.

> 5) The removable disk must be mountable by $user, as the other movable
> storage things.
>
> 6) There's no desktop auto-popup asking for the fs crypto password.

hal supports both for LUKS volumes at the backend side of things.
KDE/GNOME need to implement the UI. On the command line you can mount
such volumes with the halmount script (in a still slightly inconvenient
way though).

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE Labs
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
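
Added example, not part of the original thread or of any SUSE tool: a small checker for the fstab point raised in item 2, which reports encrypted entries (those carrying an `encryption=` option) whose device is not referenced under /dev/disk/by-id/. The sample fstab is constructed around the entry quoted above; the function name, the other sample lines and the messages are assumptions made for illustration.

```python
import re

# Constructed sample fstab; the by-id line is the entry quoted in the thread,
# the other lines are made up for the example.
SAMPLE_FSTAB = """\
# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/sda2 / ext3 acl,user_xattr 1 1
/dev/sdb1 /media/portable1 ext3 loop,encryption=twofish256,user,noauto 0 0
/dev/disk/by-id/usb-HTS54104_MPB2LAX2xxxxxx_B26A82xxxxxx-part1 /media/portable2 ext3 loop,encryption=twofish256,acl,user_xattr,user,nosuid,nodev,noexec,noauto 0 0
UUID=0000-constructed /media/portable3 ext3 loop,encryption=twofish256,user,noauto 0 0
"""

# Kernel-assigned names such as /dev/sdb1 or /dev/hdc2 (the "sdXN" form).
KERNEL_NAME = re.compile(r"^/dev/(sd|hd)[a-z]+\d*$")


def check_encrypted_entries(fstab_text):
    """Return (lineno, device, problem) for every encrypted fstab entry
    whose device is not a /dev/disk/by-id/ reference."""
    findings = []
    for lineno, line in enumerate(fstab_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue                      # malformed entry, nothing to check
        device, options = fields[0], fields[3].split(",")
        if not any(opt.startswith("encryption=") for opt in options):
            continue                      # not an encrypted entry
        if device.startswith("/dev/disk/by-id/"):
            continue                      # the form the thread found functional
        if KERNEL_NAME.match(device):
            problem = "sdXN kernel name is not stable for removable disks"
        else:
            problem = "not a by-id reference"
        findings.append((lineno, device, problem))
    return findings


if __name__ == "__main__":
    for lineno, device, problem in check_encrypted_entries(SAMPLE_FSTAB):
        print(f"fstab line {lineno}: {device}: {problem}")
```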
