[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian on loop-AES on RAID5

To: linux-crypto@xxxxxxxxxxxx
Subject: Re: Debian on loop-AES on RAID5
From: Venkat Manakkal <venkat@xxxxxxxxxxxxxx>
Date: Sat, 28 Jan 2006 09:56:50 -0500
In-reply-to: <E1F2qx1-00026F-5b@humbolt.nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
References: <E1F2qx1-00026F-5b@humbolt.nl.linux.org>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051013)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/28/2006 09:19 AM, Leo Bogert wrote:
| Hi,
|
| I just built a 600 GB (3x 300GB RAID5) Fileserver which I want to be
| full-disk-encrypted with Debian and loop-AES. (This already shows you that I
| like loop-AES very much ;)
|
| Unfortunately, it's been two or three years since I last set up a
| full-disk-encrypted box with loop-AES. Back then I was using Slackware. As
| far as I remember, I booted an already present linux system with the
| destination disk attachted, created the partitions on the destination disk,
| encrypted them and then used the ability of the Slackware setup to install
| slackware from within a running linux environment.
| Thus, the installation was directly written encrypted to disk, and after
| installing I just had to fix up the boot partition to support loop-AES with
| a custom kernel.
|
| Now, as far as I know, Debian does not support being installed from within a
| running linux.
| Plus, the fact that I want RAID5 _and_ loop-AES makes it more complicated.
| My question to you is: Can anyone hint me out on some Website which explains
| an approach for doing this easily?
|
| What I want is:
| - NO unencrypted data being written to the disk-array, that would not be
| clean enough :) I.e. I dont want to install debian first and encrypt after
| installing.
| - If I'm right it would be better to do AES on RAID5 instead of RAID5 on
| three loop-AES devices.
|
|
| Thanks for your help, Leo

You need a minimially installed Debian root fs. The user-mode-linux.sf.net
site has some, for example, but I usually have a custom tgz for the hardware
on a remote server.

Then boot Knoppix 3.9 (see knoppix.net) or better, setup raid first with
mdadm, then create your loop-AES devices, create filesystem on top of loop-AES
device, then unpack the tgz root fs with something like

cd /mnt
ssh me@remote "cat /path/to/debian-root.tgz" | tar xvzpf -

Then you can chroot to the debian root

chroot .

Then fix up /etc/fstab, kernel + loop-aes, install grub... and you are done.

Sorry this is brief, but there you are.

Cheers,

- ---Venkat.

- --
http://rayservers.com/                                            607-546-7300
PGP/GPG:                            https://rayservers.com/keys/0x12430522.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD24YnWdkW/RJDBSIRAlRRAKDHDXmvIukcZYm5AUBXumJxZaZYEwCaAnM7
0hIksOBOGNbTnbKgUOMH96Q=
=onF5
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Debian on loop-AES on RAID5
  - From: Jan Luehr

References:
- Debian on loop-AES on RAID5
  - From: Leo Bogert

Prev by Date: Debian on loop-AES on RAID5
Next by Date: Re: Debian on loop-AES on RAID5
Previous by thread: Debian on loop-AES on RAID5
Next by thread: Re: Debian on loop-AES on RAID5
Index(es):
- Date
- Thread