On 10/02/2017 08:34 PM, joevio...@gmail.com wrote:
On Saturday, 5 August 2017 11:20:27 UTC-4, the2nd  wrote:

i switched to Qubes OS 3.2 on my notebook some weeks ago. Besides some issues i 
had it works very well.

One problem was to get the installer to install qubes on LVM-on-LUKS. I 
preferred this over the default LUKS-on-LVM setup because you dont have to 
encrypt any LV separately.
Please note that the current version will probably not work with a default 
qubes LUKS-on-LVM installation. But if some experienced user is willing to help 
testing i'll try to come up with a version that supports this too.

Besides the yubikey/luks stuff the module handles the rd.qubes.hide_all_usb 
stuff via its own rd.ykluks.hide_all_usb command line parameter because the 
yubikey is connected via USB and needs to be accessable until we got the 
challenge from it. i am still unsure if this is the best method to implement 
this. So if anyone with a deeper knowledge of qubes/dracut does have a 
better/more secure solution i happy about any help.

This is working great for me.
A few questions though:

1)  The default Qubes 3.2 install seems to be LVM-on-LUKS where there is only 
one LUKS encryption and root/swap LVMs within that.  So your instructions work 
with the default install.

I'd have to say that the2nd is right. I didn't notice on my first Qubes 3.2 install, because I only had one encrypted partition on my OS drive (skipped a swap partition, despite the installer's whining). Second time around I gave in and created one.

lsblk shows sda2 with a luks-encrypted / within it, and sda3 with a luks-encrypted swap. If it were LVM-on-LUKS, it would be a single luks-encrypted partition two logical volumes within it.


PS: I'm a Qubes-noob, but long-time Linux user.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to