Full disk encryption

c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#21 Post by c4os »

c4os wrote: Sat Jun 23, 2018 8:17 am
> After I removed the lines in MX the message still exists, but it takes no time to wait for poweroff.

Not really a solution! I had problems booting my laptop after these changes.
Sometimes it boots into a black screen and looks like it is stuck in a resume mode.
It comes up after removing power and battery. No problems with the old config, except the busy timeout like before.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Full disk encryption

#22 Post by c4os »

I tried to log my shutdown messages, but can't find a shutdown log (/var/log/wtmp).

Code:

poweroff -w

won't work.

HessenZone
Posts: 57
Joined: Wed Jun 27, 2018 11:17 am

Re: Full disk encryption

#23 Post by HessenZone »

c4os wrote: Sun Jun 24, 2018 9:15 am
> Can you recommend a good code reader/editor?

I don't go beyond simple html, php, and some minor javascript, but my all-time favorite code editor of the past 25 years is .... drum roll please ...

Komodo Edit. These people also make Komodo IDE, but the first one is the free one. Installations for Windows, Linux, and Mac available. Automated embedded functions and customizable like you wouldn't believe. Anyway, here are the links:

http://downloads.activestate.com/Komodo/releases/
Pick whichever version you prefer, then download tar.gz or msi version for Windows. I'm using version 10.2

https://www.activestate.com/komodo-ide
Non-free Komodo IDE for all of the super coders who dream about lines of code at night. ;) :p :happy: :number1:

MX Linux Rocks, in America, in Europe, in Australia, simply EVERYWHERE. :linuxlove:

grelos
Posts: 69
Joined: Wed Mar 28, 2018 3:12 pm

Re: Full disk encryption

#24 Post by grelos »

+1 for FDE.
MX-19 on Lenovo 520-15IKB

delm
Posts: 2
Joined: Sat Jul 07, 2018 1:27 pm

Re: Full disk encryption

#25 Post by delm »

anticapitalista wrote: Fri May 11, 2018 5:24 pm How many times do you have to input the encryption passphrase?
Does the system use LUKS over LVM? Should it?
Why not adopt the method used by Debian by default:
Prompted once, after the grub. First LUKS, then LVM.

Anyway, if the password is long, it would be logical
to enter the password only once.

rghv
Posts: 2
Joined: Tue Jul 10, 2018 11:17 am

Re: Full disk encryption

#26 Post by rghv »

FDE for MxLinux would be great! +1 for the feature!

> Why not adopt the method used by Debian by default: Prompted once, after the grub. First LUKS, then LVM.

+1. First LUKS, then LVM.

One helpful reference here is https://www.linode.com/docs/security/en ... ncryption/ which demonstrates the workflow.

As to how that can be added to the installer itself, this is how Calamares seems to have done it. http://linuxbsdos.com/2016/11/08/disk-e ... installer/

BTW, has anyone tried Calamares+MXLinux? If so, FDE would be a solved problem already!
Before systemd ---> :cool: :happy: :hug: :rock: :clap: :linuxlove: :biggrin:
After systemd ---> :eek: :mad: :frown: :alien: :crossfingers: :frustrated: :letmeout: :killcomputer: :yuck: :duel: :thumbdown: :huh: :embarrassed:

bigbenaugust
Posts: 56
Joined: Wed Dec 20, 2017 10:41 am

Re: Full disk encryption

#27 Post by bigbenaugust »

The refracta installer used by some Devuan-based distros does it too, you just have to click the right boxes and live with ext4.
--Ben

dolphin_oracle
Developer
Posts: 19926
Joined: Sun Dec 16, 2007 1:17 pm

Re: Full disk encryption

#28 Post by dolphin_oracle »

rghv wrote: Tue Jul 10, 2018 11:31 am
> FDE for MxLinux would be great! +1 for the feature!
>
> > Why not adopt the method used by Debian by default: Prompted once, after the grub. First LUKS, then LVM.
>
> +1. First LUKS, then LVM.
>
> One helpful reference here is https://www.linode.com/docs/security/en ... ncryption/ which demonstrates the workflow.
>
> As to how that can be added to the installer itself, this is how Calamares seems to have done it. http://linuxbsdos.com/2016/11/08/disk-e ... installer/
>
> BTW, has anyone tried Calamares+MXLinux? If so, FDE would be a solved problem already!

We looked at Calamares earlier this year. We would need to write a new copylinux (or whatever they call it) to install the system since Calamares doesn't support our live copy method out of the box. Not impossible, and we may return to it someday, but for now we've stuck with what we know works with our live system.

The point of the double-password question is that it is *possible* to install /boot onto the encrypted root partition, but most distros do not do this, relying on an unencrypted boot partition to actually launch the rest of the system. Having the /boot on the encrypted root partition necessitates the extra password entry step, when grub asks for it, then again when the system loads, the Linux kernel asks for it.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.

delm
Posts: 2
Joined: Sat Jul 07, 2018 1:27 pm

Re: Full disk encryption

#29 Post by delm »

dolphin_oracle wrote: Tue Jul 10, 2018 12:09 pm
> The point of the double-password question is that it is *possible* to install /boot onto the encrypted root partition, but most distros do not do this, relying on an unencrypted boot partition to actually launch the rest of the system. Having the /boot on the encrypted root partition necessitates the extra password entry step, when grub asks for it, then again when the system loads, the Linux kernel asks for it.

You can solve this problem by creating a LUKS key and placing it in the initrd. If this can't be realized, it's better to agree with the logic that Debian uses. Encrypting /boot we increase security not so significantly, but we lose a lot in convenience when entering a password twice. If the user decides to encrypt the entire system, not just /home with eCryptfs or some folders with EncFS, it's worth hoping that he does it for important reasons. Then he will use a long and complex password, >20 hard-to-type letters. Entering such a password twice will be annoying.

Could you inform how soon is the FDE option planned for implementation?
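
A key file in the initrd removes the second prompt, but the key is only as protected as its file permissions and the volume the initrd sits on. The following is an added example, not code from this thread or from MX Linux: a POSIX shell audit of crypttab-style entries that reports which mappings still prompt for a passphrase and which key files are missing or readable by group/other. The function names, the sample file and its placeholder UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit crypttab-style entries for key-file use.
# Fields per line: <target> <source device> <key file> <options>

# key_status PATH -> prints "prompt", "missing", "loose" or "ok"
key_status() {
    case "$1" in
        ''|none|-) echo prompt; return ;;   # no key file: passphrase is typed
    esac
    [ -f "$1" ] || { echo missing; return; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then
        echo ok
    else
        echo loose                          # readable beyond the owner
    fi
}

# audit_crypttab FILE -> one "target:status" line per mapping
audit_crypttab() {
    while read -r target source key options || [ -n "$target" ]; do
        case "$target" in ''|'#'*) continue ;; esac
        echo "$target:$(key_status "$key")"
    done < "$1"
}

# count_prompts FILE -> number of entries that still ask for a passphrase
# (does not count any prompt issued by the boot loader itself)
count_prompts() {
    audit_crypttab "$1" | grep -c ':prompt$' || true
}

# make_sample DIR -> writes a constructed crypttab and key files into DIR
make_sample() {
    echo k1 > "$1/root.key"; chmod 600 "$1/root.key"
    echo k2 > "$1/swap.key"; chmod 644 "$1/swap.key"
    cat > "$1/crypttab" <<EOF
# constructed sample, UUIDs are placeholders
root_crypt UUID=<root-uuid> $1/root.key luks
swap_crypt UUID=<swap-uuid> $1/swap.key luks
home_crypt UUID=<home-uuid> none luks
data_crypt UUID=<data-uuid> $1/gone.key luks
EOF
}

# Demo on the constructed sample.
d=$(mktemp -d); make_sample "$d"; audit_crypttab "$d/crypttab"; rm -rf "$d"
```

An entry reported as `loose` or `missing` should be fixed before the initrd is rebuilt; point `audit_crypttab` at the real `/etc/crypttab` to check an installed system.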

dolphin_oracle
Developer
Posts: 19926
Joined: Sun Dec 16, 2007 1:17 pm

Re: Full disk encryption

#30 Post by dolphin_oracle »

delm wrote: Tue Jul 10, 2018 2:58 pm
> dolphin_oracle wrote: Tue Jul 10, 2018 12:09 pm
> > The point of the double-password question is that it is *possible* to install /boot onto the encrypted root partition, but most distros do not do this, relying on an unencrypted boot partition to actually launch the rest of the system. Having the /boot on the encrypted root partition necessitates the extra password entry step, when grub asks for it, then again when the system loads, the Linux kernel asks for it.
>
> You can solve this problem by creating a LUKS key and placing it in the initrd. If this can't be realized, it's better to agree with the logic that Debian uses. Encrypting /boot we increase security not so significantly, but we lose a lot in convenience when entering a password twice. If the user decides to encrypt the entire system, not just /home with eCryptfs or some folders with EncFS, it's worth hoping that he does it for important reasons. Then he will use a long and complex password, >20 hard-to-type letters. Entering such a password twice will be annoying.
>
> Could you inform how soon is the FDE option planned for implementation?

Hopefully by the end of the year...