You are not logged in.

#1 2013-05-12 19:51:41

lopfi
Member
Registered: 2013-05-12
Posts: 5

Arch on full encrypted hdd tutorial

Have not installed arch yet. Technical arch answers I probably cannot read. I have used ubuntu for some time.
I searched wiki for encryption instructions, but it said that the page was obsolet. I found this guide, can it be used on the current arch download?
http://sudoeric.com/2011/09/installing- … rch-linux/ Thanks.

Offline

#2 2013-05-12 19:59:22

karol
Archivist
Registered: 2009-05-06
Posts: 25,432

Re: Arch on full encrypted hdd tutorial

Please post the link to the obsolete page.

The guide you linked to is for old Arch installs. Installing Arch looks a bit different now: https://wiki.archlinux.org/index.php/Installation_Guide

Last edited by karol (2013-05-12 20:00:45)

Offline

#3 2013-05-12 20:37:18

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 19,369
Website

Re: Arch on full encrypted hdd tutorial

lopfi wrote:

Have not installed arch yet. Technical arch answers I probably cannot read.

Then do not install Arch; if you can't (or won't) read the documentation, you will be wasting your, and the community's, time...


Not an Installation issue, moving to Newbie Corner.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#4 2013-05-13 07:41:52

lopfi
Member
Registered: 2013-05-12
Posts: 5

Re: Arch on full encrypted hdd tutorial

Adm
All around it says, that arch forum is an unfriendly place. And it is true. If I find out how to arch full hard drive encryption, it is not a waste for me. It may be for you. I read a wiki about the subject, it said it was outdated. No adm had wasted updating it.

Karol
The installation guide link you wrote, at installation, partition disks has a luks link,
about system encryption.
https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS
That is the obsolete page I referred to.  At caveats it says This article or section is out of date.
On another forum I got this link about system encryption.
https://gist.github.com/alphazo/4091036
Not easy for me to read.
Maybe arch users are so skilled, no full system encryption instructions are required, or no users make use of full system encryption.
Thank you.

Last edited by lopfi (2013-05-13 07:43:23)

Offline

#5 2013-05-13 08:29:06

MilenKid
Member
Registered: 2013-04-21
Posts: 86

Re: Arch on full encrypted hdd tutorial

Hello,

Guide is good so for understanding the principle.
Long story short:

1. Prepare your partitions (cfdisk/fdisk) )
2. Crypt them using cryptsetup [...] luksformat. /boot should be non-encrypted, swap is optional (read wiki
3. Make FS system on them (mkfs -t part)
4. mount / to /mnt and other to subdirs of mnt (like etc -> /mnt/etc)
4. Add relevant kernel hooks (initcpio) and modules (initcpio) & bootloader options (syslinux/grup).

Enjoy.

Better try in a VM before if you are not sure.

Yes, the forums seem to be a bit unfriendly and many people assume you did not read anything before asking, might be the Ubuntu legacy but it's better than in the good old IRC times when you were told RTFM for everything, where "F" = ....

Last edited by MilenKid (2013-05-13 08:40:28)

Offline

#6 2013-05-13 10:18:19

lopfi
Member
Registered: 2013-05-12
Posts: 5

Re: Arch on full encrypted hdd tutorial

Milenkid
I assume you master full hard drive, system encryption on linux. Maybe you will answer these off topic questions.
I do not want computers without system encryption. When I wanted to install ubuntu, I read about luks, but it was to difficult and I got stuck. Then I found the ubuntu alternate edition, which has a full system encryption installation procedure. I looked up arch because I have an ancient mainboard that seems not to have power to run ubuntu 12. And because I have read that arch supports raspberry py. From what I read, and see in ubuntu disk manager, it is the same linux encryption software, that is being used.
Q: In ubuntu alternate, the luks system encryption has been built into the installer, but it does the same thing?
Q: If you master linux partitioning and the luks system encryption commands, you can get full system encryption on any linux distribution?

About your answer, I am not able to follow. I have no clue, what I actually must do. That is why I asked my question to begin with, because that page gives a step by step instruction. Maybe you can give links, showing some easy to read instructions about linux partitioning and system encryption using luks.
Thanks.

Offline

#7 2013-05-13 10:31:21

MilenKid
Member
Registered: 2013-04-21
Posts: 86

Re: Arch on full encrypted hdd tutorial

Hello,

I do not master it, I'm actually struggling with it that's why I open all topics about it. smile.

Regarding your questions, I don't know. I used other distributions, but not with full system encryption, I usually used Truecrypt for sensitive data.

There are more systems, read here if you haven't yet: https://wiki.archlinux.org/index.php/Disk_encryption . Luks with dm-crypt seems to be the standard, it encrypts block devices not separate files/folder.

Have you ever installed an arch distribution (without encryption)?

Offline

#8 2013-05-13 13:32:58

lopfi
Member
Registered: 2013-05-12
Posts: 5

Re: Arch on full encrypted hdd tutorial

Milenkid
I have not installed arch at this point. Because I wanted to investigate the system encryption, and get it straight away if possible. Installation should be possible, there is the beginners guide and youtube. What I have read is, that making the programs you want run, is more difficult.
Not like windows truecrypt, to get system encryption on linux should be even more difficult after installation.
It is like system encryption is not a parameter for users, and therefore is paid no attention. I have not found, they may very well be out there, any other linux distro than ubuntu, supporting system encryption, and only on an alternate edition you have to find for yourself. Ubuntu has made public, that upcoming editions will support system encryption on their main iso.
If you have a duo core computer, running ubuntu 12.04 is not a problem.
Ubuntu 12.04 alternate you can download here
http://www.mirrorservice.org/sites/cdim … 4/release/
I think it is the ubuntu 12.04 alternate powerpc.iso for windows computers.
It had a different name when I downloaded the iso.
If you do not trust my link. Search for ubuntu. Press download. Press ubuntu desktop.
Scroll down. Press alternative downloads. Scroll down other images and select a mirror.
I am not going to recommend ubuntu 12.04.
Lately ubuntu has made some unacceptable moves, if you are about privacy. Scopes and lenses. But  ubuntu being open software, you can remove them. Just keep an eye on it.
Searching for system encryption features on linux distros, I once got the encrypt your home folder argument a lot. It appeared that those giving that answer, did not know how to system encrypt themselves. What if you do not want to show, what programs you have installed? Does it never happen, that an application stores some piece of information outside the encrypted home folder?
System encryption, if it works, then all is encrypted.
I guess those mastering the system encryption do not answer forum questions, but make mio on their jobs.
I will post my questions on other forums.
Thanks.

Offline

#9 2013-05-13 14:49:00

MilenKid
Member
Registered: 2013-04-21
Posts: 86

Re: Arch on full encrypted hdd tutorial

lopfi, this is not a ubuntu vs arch thing. I know ubuntu and I don't like many things about it, including the privacy thing (I don't want to support a company that opts-in users to do that, let's be honest not even big bad windows is doing this). Ubuntu is simpler, for sure. Ubuntu encourages an Windows-ish approach to *NIX. I think going with Arch will allow you to learn many things and have a really stable and smooth computer. My desktop, except the I/O - CPU problem described in other post is blazing fast and very comfy. I feel relaxed knowing I have control over everything, I'm a bit paranoid anyway.

Coming back, arch + luks is not that hard. Give it a try. It's easier if you installed ARCH before so you know how the process goes and if you know the basic things. Differences are only in partitioning, creating kernel image and bootloader, but last ones are very simple.

I told you what to read and gave you all the necessary points to follow. Also, recommendation you do it in virtual-box first, not to mess your whole hdd by mistake.

I'd say, try to do it based on wiki (begginers guide + luks guide + whatever other posts you find) and if you fail come to the forum describing the mistakes and asking for feedback. Before, read the wiki and ask questions about aspects that are unclear to you.

Offline

#10 2013-05-13 15:17:43

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: Arch on full encrypted hdd tutorial

I don't think that jasonwryan was trying to be rude or mean in any way.  He is absolutely right.  If you are not willing to read the documentation and learn, there is no point in you installing Arch Linux as you will just struggle endlessly.  And if you are willing to open up a forum thread before you have even installed... I can only imagine what things might be like if you actually get through an installation and then continue to refuse to read the documentation.

I think FWIW, it should be mentioned that installation of Arch Linux in itself is not quite what you would expect from other distributions.  It kind of sounds like you have some expectation that there will either be the option to encrypt in an installer, or you will have to manually set up encryption and then continue with an installer.  You should know that there is no "installer" in the traditional sense.  There is only you the user... you are the installer.  Everything is manual, though things are made a slight bit easier with some install scripts.  So I think before you go thinking that Arch Linux might be a good choice for you for full system encryption, you should have a look at the beginners guide to see if this kind of system might work for you.  The beginners guide will give you somewhat of an idea of how terminal centric the basic maintenance of an Arch Linux system is.

Also, I think it should be mentioned that you should not use youtube guides!!!  Things change quicky around here, and blogs, youtube videos, etc that offer step by step guides often quickly become outdated and are not fixed.  Also, one of the amazing things about the way our installation works, is that you gain a real understanding of how and why things are done during an installation.  If you find a guide that just tells you to blindly copy and paste commands, you will have neither and understanding of what you did nor why you did them.  I think this is also true for any Luks setup you may find.

One more thing.  You mention that the Luks page is marked as out of date.  This is another instance i which you should be a it more willing to read, as the reasoning for the "out of date" flagging is clearly given within that banner itself (you don't even have to click a link... just read the text).  It is not marked out of date because the info on dm-crypt/Luks is bad, it is because the installation proceedure for Arch Linux itself has changed.  Really, that part shoudn't be included on that page anyway, as it is just repeating what is already clearly given on the beginners guide.

I acutally used that page not two months ago to encrypt a system (just to learn).  It is a long page, but the info is good.  You just have to weed out what is frmo the old installation method and what is not.  It shouldn't be too hard, as the instllation parts are pretty clearly referencing the Arch Instalation Framework (AIF) which is now deprecated and gone.

Offline

#11 2013-05-14 20:32:43

lopfi
Member
Registered: 2013-05-12
Posts: 5

Re: Arch on full encrypted hdd tutorial

Milenkid
//lopfi, this is not a ubuntu vs arch thing.
No, it is not. I misunderstood. I thought you planned to install arch. If system encryption is important to you, I suggested ubuntu, because it is supported during installation.
//(I don't want to support a company that opts-in users to do that, let's be honest not even big bad windows is doing this).
I agree. Scope lenses in one step made ubuntu worse than windows 7 etc. So far scopes lenses can be removed and are only part of unity. On ubuntuforums I asked, how may spy scopes lenses are on ubuntu 12.04. The post got censored. Adms with misunderstood loyalty. Amateurs. 
//I think going with Arch will allow you to learn many things
I agree. When using windows I said, what if windows does not work. Or make features I cannot accept. I read ubuntu was the easiest linux distro. I was not able to make it usable. Tried another linux distro. Same result. Tried ubuntu again. And got it going. On a forum I asked a question. I wrote, I do not know about terminal. If terminal is part of the answer, please answer precisely. One answered, you must handle terminal, or you cannot use ubuntu, meaning get out. I did not. I can see, now, that some who answers on forums do not know that much. And others know very much.
Here I got the same reaction. If you cannot handle, get out.  I get that arch is ubuntu, but on a higher level. And more independent?
//I/O - CPU problem
What is that?
About system encryption, I have these links.
https://bbs.archlinux.org/viewtopic.php?id=155425
It seems gat got it.
https://archimedesden.wordpress.com/201 … installer/
https://help.ubuntu.com/community/Encry … iaUbiquity
I was told, that this should work on peppermint, maybe it works on arch too.
I do not follow the instructions completely.

Wonderwoofy
You are not in favor of step by step instructions and you will not make one on full system encryption?
Without step by step instructions where I do not have insight in what is being done, there would be a lot I could not do on windows and linux.
I agree, it is better to know and read it all. Not very easy.
When I read, arch has only an prompt when installed, I realized, that arch is different.
Still interesting.

Offline

#12 2013-05-14 20:57:03

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,725
Website

Re: Arch on full encrypted hdd tutorial

lopfi wrote:

Wonderwoofy
You are not in favor of step by step instructions and you will not make one on full system encryption?
Without step by step instructions where I do not have insight in what is being done, there would be a lot I could not do on windows and linux.
I agree, it is better to know and read it all. Not very easy.
When I read, arch has only an prompt when installed, I realized, that arch is different.
Still interesting.

Nobody here expects you to learn everything about system encryption so that you can do it on your own without a guide. If that was the attitude here then there would not be a wiki with so many step-by-step guides (including a beginner's guide for installing the system).

The point that people are trying to make here is that you will not find a simple guide in the form

1) enter command 1
2) enter command 2
...
You now have an encrypted setup!

There are guides such as The LUKS wiki page that will help you set up full disk encryption, but you as a user should do some research about different encryption systems (block encryption vs file encryption, LUKS vs TrueCrypt, eCryptfs vs EncFS, etc.). These are choices. There is no absolute answer to the question "which one should I use" because it depends on you.

The reason so many people say that users here is rude is because so many people show up and expect everyone here to hold their hand and walk them through everything. That's not what the community is for. People here will help you overcome specific issues if you show that you are making a real effort yourself to figure out the problem. Being lazy and asking others to do work for you while you do nothing is what is really rude, in my opinion.

jasonwryan pointed out that Arch is not for you if you are not prepared to spend time learning things and trying to understand technical aspects of the system. Arch claims to be for "experienced Linux users", but the truth is that it's for users who are willing to make an effort to overcome challenges and learn new things. It's not about previous experience but rather attitude, and users who appear to be Help Vampires are pointed to a more appropriate distribution, because they will not be happy here.


If you really want to use Arch, start with the LUKS page above and do some reading about different encrypt schemes. Decide for yourself which one is best for you and try to set it up. If you get stuck on specific errors, ask about them, but do your homework first.

Offline

#13 2013-05-14 21:31:25

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: Arch on full encrypted hdd tutorial

I just re-read my post.  I cannot find any part where I indicated that I was not "in favor of step by step instructions" so much as I was telling you that it was bad to just get a list of commands the blindly copy and paste (just as Xyne has pointed out above).  Also, why in the world would I want to make you a set of step by step instructions when, as I have already clearly pointed out, the information on the dm-crypt/Luks page is good info.  There is just a bit of extraneous information included which has nothing to do with actual dm-crypt/Luks usage.

Not trying to be rude, I really think that you should seek out a Linux distribution that would be more suited to your preference of use without understanding.  There are many disntributions which cater to such usage.  In fact, most of them do.  I just really think that if in your first thread, you already think the community is rude, and you want your hand held, you are going to have a hell of a time using Arch Linux.

As Xyne also pointed out, you don't have to be a Linux expert to do well with Arch Linux, you just have to be willing to learn.  This means lots of reading and (potentially) lots of time commitment for maintenance.  And you ahve made it very clear that you are not willing to do that.

Offline

#14 2013-05-19 21:54:07

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,277

Re: Arch on full encrypted hdd tutorial

lopfi wrote:

Q: In ubuntu alternate, the luks system encryption has been built into the installer, but it does the same thing?

Yes. The difference is that the ubuntu alternate installer (which is afaik discontinued now and before they got it from the Debian alternate installer anyway) uses an older cryptsetup (luks) release. You have more options with the newer release on Arch (but probably none that interest you at this stage).

lopfi wrote:

Q: If you master linux partitioning and the luks system encryption commands, you can get full system encryption on any linux distribution?

If you also understand in detail how that other linux distribution boots and are able to adjust that for it recognising your encrypted system partition, then yes, However, you should stick to the options the distro gives you or you end up breaking something else (e.g. updates)  ..

In my view three pages in the wiki (installation guide, beginners guide and that luks page) have step-by-step instructions for everything the alternate installer does. If you cannot technically grasp what is important for you to do and what is optional, you should not try or learn-by-doing. My advice to you would be to use the distro you have running (e.g. Ubuntu) and install Arch with an encrypted root partition in a virtual machine. All you want you can try in a VM and learn that way. Then you will see what you are comfortable & have fun with !!

Offline

Board footer

Powered by FluxBB