[Question updated 2] fail on very beggining of crypto installation

ArchQuestion · 2015-09-04 14:47:55

i follow this guides and google :
https://wiki.archlinux.org/index.php/Dm … ire_system
https://bbs.archlinux.org/viewtopic.php?id=132811
https://bbs.archlinux.org/viewtopic.php?id=120243

now i am on stage of create folder mkdir /media/usb from this guide:
https://bbs.archlinux.org/viewtopic.php?id=120243

*note that installation now done from scratch the only thing i do so far is wipe the ssd and the usb and create scheme of the partition , i dont even create the lvms.

command used:
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg

on stage 8 he says the second stuff:
"Don't do this in two steps, e.g don't do dd to a file and then gpg on that file" , what ? better explanation please .

and i do get error when i put all the command , output:
gpg: problem with the agent: no prinentry
gpg: error creating passphrase : opration cancelled
gpg: symmetric encryption of '[stdin]' failed:operation cancelled

he dont ask me for any passphrase .

i get i not need to do dd but what should i dont please help me resolve this issue and continue to install the linux i review the all encryption sector and how it work but still can't get what he want here.

Last edited by ArchQuestion (2015-09-05 17:54:33)

ewaller · 2015-09-04 15:16:08

In the future, if you would like a moderator to move a topic from one forum to another, please use the report function and leave us a short note with your request. Do not cross post.
Thanks

ArchQuestion · 2015-09-04 15:41:52

ewaller wrote:

In the future, if you would like a moderator to move a topic from one forum to another, please use the report function and leave us a short note with your request. Do not cross post.
Thanks

ok i will know that now , thanks.

Strike0 · 2015-09-05 00:04:31

ArchQuestion wrote:

i follow this guides and google :
https://wiki.archlinux.org/index.php/Dm … ire_system
https://bbs.archlinux.org/viewtopic.php?id=132811
https://bbs.archlinux.org/viewtopic.php?id=120243
...
now i am on stage of create folder mkdir /media/usb from this guide:
https://bbs.archlinux.org/viewtopic.php?id=120243
...
he dont ask me for any passphrase .

You don't get asked for a passphrase because of pinentry default for gnupg. See the first update sentence of fabriceb's post and https://wiki.archlinux.org/index.php/GnuPG#pinentry.
I think the best for you is to follow one of the regular guides from https://wiki.archlinux.org/index.php/Dm … ire_system and - once you have the system installed - you can still switch it to another authentication for the crypto unlocking from https://wiki.archlinux.org/index.php/Dm … d_Keyfiles.

ArchQuestion · 2015-09-05 16:14:01

Strike0 wrote:

ArchQuestion wrote:
i follow this guides and google :
https://wiki.archlinux.org/index.php/Dm … ire_system
https://bbs.archlinux.org/viewtopic.php?id=132811
https://bbs.archlinux.org/viewtopic.php?id=120243
...
now i am on stage of create folder mkdir /media/usb from this guide:
https://bbs.archlinux.org/viewtopic.php?id=120243
...
he dont ask me for any passphrase .
You don't get asked for a passphrase because of pinentry default for gnupg. See the first update sentence of fabriceb's post and https://wiki.archlinux.org/index.php/GnuPG#pinentry.
I think the best for you is to follow one of the regular guides from https://wiki.archlinux.org/index.php/Dm … ire_system and - once you have the system installed - you can still switch it to another authentication for the crypto unlocking from https://wiki.archlinux.org/index.php/Dm … d_Keyfiles.

i now follow this guide:
https://wiki.archlinux.org/index.php/Dm … encryption

, for encryption the swap lvm partition , and i use the luks on lvm scheme instead of lvm on luks then should i just read it from the bottom to the top and it considered as luks on lvm instead lvm on luks? .
and another issue can you provide me a link to swap erasing every shutdown? , they notice it and it make sense to me that i should do that if i dont want leaving some old data on him , it make sense couse i know a bit how a memory is handaling by operation systems and i think i should do that if you dont think diffrentlie , [your option is importent] ,i mean maybe it would short my ssd cycle time by a half and then it not so handy and good. thanks i will wait for an update. ( if something isn't clear just let me know , because i know my english grammar is crap.) . thanks

*and i be greatfull if you can tell me if i should do that before or after encryption (erasing of the swap on shutdown).

Last edited by ArchQuestion (2015-09-05 18:02:36)

Strike0 · 2015-09-05 20:38:41

ArchQuestion wrote:

i now follow this guide:
https://wiki.archlinux.org/index.php/Dm … encryption
, for encryption the swap lvm partition , and i use the luks on lvm scheme instead of lvm on luks then should i just read it from the bottom to the top and it considered as luks on lvm instead lvm on luks? .
and another issue can you provide me a link to swap erasing every shutdown?

If you follow https://wiki.archlinux.org/index.php/Dm … UKS_on_LVM, the swap encryption is fresh/new each time you boot (i.e. swap is virtually erased because the encryption key is forgotten on shutdown). Nothing more to do.

If you follow https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS, the swap encryption stays the same over reboot. To make this swap forget its encryption key, you need extra configuration for the swap logical volume in crypttab. BUT doing this will double swap encryption and can be troublesome. Therefore, in this case it is better not to keep the swap as a lvm logical volume but use an extra swap partition (outside of lvm) and configure it according to https://wiki.archlinux.org/index.php/Dm … sk_support.

edit: regarding your question of the ssd cycle: It does not matter. Having the swap with a fresh encryption each time you boot does not mean the swap partition is formatted fresh on boot or wiped fully on shutdown. Only encryption key changes. That means: no extra ssd usage.

Last edited by Strike0 (2015-09-05 20:46:41)

ArchQuestion · 2015-09-06 08:18:39

Strike0 wrote:

ArchQuestion wrote:
i now follow this guide:
https://wiki.archlinux.org/index.php/Dm … encryption
, for encryption the swap lvm partition , and i use the luks on lvm scheme instead of lvm on luks then should i just read it from the bottom to the top and it considered as luks on lvm instead lvm on luks? .
and another issue can you provide me a link to swap erasing every shutdown?
If you follow https://wiki.archlinux.org/index.php/Dm … UKS_on_LVM, the swap encryption is fresh/new each time you boot (i.e. swap is virtually erased because the encryption key is forgotten on shutdown). Nothing more to do.
If you follow https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS, the swap encryption stays the same over reboot. To make this swap forget its encryption key, you need extra configuration for the swap logical volume in crypttab. BUT doing this will double swap encryption and can be troublesome. Therefore, in this case it is better not to keep the swap as a lvm logical volume but use an extra swap partition (outside of lvm) and configure it according to https://wiki.archlinux.org/index.php/Dm … sk_support.
edit: regarding your question of the ssd cycle: It does not matter. Having the swap with a fresh encryption each time you boot does not mean the swap partition is formatted fresh on boot or wiped fully on shutdown. Only encryption key changes. That means: no extra ssd usage.

just remind in one question , if also gonna encrypt the boot , if i gonna encrypt i gonna encrypt everything why not .
so the tutorial for boot encryption is for people who use lvm on luks. my question is if i read the grub encryption tutorial for lvm on luks from the bottom to the top is it considered for luks on lvm?

Strike0 · 2015-09-06 09:21:44

If you use a separate partition for /boot, the grub encryption can be used with luks on lvm yes.

ArchQuestion · 2015-09-06 10:17:07

Strike0 wrote:

If you use a separate partition for /boot, the grub encryption can be used with luks on lvm yes.

yes but the tutorial is for lvm on luks , my question is if i gonna read the tutorial from the bottom to the top (from the end to the beginning is it become a luks on lvm tutorial or should i continue looking for another?).

Strike0 · 2015-09-06 20:58:16

No. Your question shows you have not understood what the difference between the two is. Please read the introduction of each again. I see you have a language barrier, but I don't think that's the problem. Once you have done (any)one of the tutorials you will understand it makes no sense to "read it from the bottom upward".

ArchQuestion · 2015-09-07 09:53:32

Strike0 wrote:

No. Your question shows you have not understood what the difference between the two is. Please read the introduction of each again. I see you have a language barrier, but I don't think that's the problem. Once you have done (any)one of the tutorials you will understand it makes no sense to "read it from the bottom upward".

i think i understood now and yes my question looks dump to me either now , i understood now that the boot is separate partition and it doesn't metter what kind of encryption i gonna use on the lvm , because the boot encryption is encrypted on diffrent partition , so if i follow the steps of the boot encryption but implement the luks on lvm instead of lvm on luks like they show in the mix tutorial of the two ( boot + lvm on luks) it will be encrypted as i well without problem.

thanks you and have a beautiful day.

Last edited by ArchQuestion (2015-09-07 10:02:17)

Strike0 · 2015-09-07 10:58:53

ArchQuestion wrote:

i understood now that the boot is separate partition and it doesn't metter what kind of encryption i gonna use on the lvm , because the boot encryption is encrypted on diffrent partition

Exactly. You can also follow the tutorial and change the grub install on the boot partition from unencrypted to encrypted later, after the system works. Just saying this in case it is easier for you than to mix tutorials right away.

Have a good day too.

ArchQuestion · 2015-09-07 18:34:27

Strike0 wrote:

ArchQuestion wrote:
i understood now that the boot is separate partition and it doesn't metter what kind of encryption i gonna use on the lvm , because the boot encryption is encrypted on diffrent partition
Exactly. You can also follow the tutorial and change the grub install on the boot partition from unencrypted to encrypted later, after the system works. Just saying this in case it is easier for you than to mix tutorials right away.
Have a good day too.

got two questions,
first when he mean that "Create the LUKS encrypted container at the "system" partition." , what exacly partition did he mean? 8300 or the efi boot partition or even maybe they mean by system the lvm partition(but i dont think so) ?
after that he say that : First, create the LUKS container where the files will be located and installed into , what partition did he mean efi or the 8300 ?

https://wiki.archlinux.org/index.php/Dm … al_volumes ( at the end).

after a bit of research it seems like the system partition is refer for root partition am i right? and then i should first of all encrypt the root partition
thanks

Last edited by ArchQuestion (2015-09-07 22:41:29)

Strike0 · 2015-09-08 07:54:29

Look at the diagram in https://wiki.archlinux.org/index.php/Dm … al_volumes
the "system" partition sdaX contains three logical volumes, including one for /
The second quote from https://wiki.archlinux.org/index.php/Dm … artition_5
refers to the /boot partition (type 8300).

ArchQuestion · 2015-09-08 09:30:49

Strike0 wrote:

Look at the diagram in https://wiki.archlinux.org/index.php/Dm … al_volumes
the "system" partition sdaX contains three logical volumes, including one for /
The second quote from https://wiki.archlinux.org/index.php/Dm … artition_5
refers to the /boot partition (type 8300).

alright so the first partition is the actually represation of lmv on luks encryption because it the actually encryption of the lvm primary partition.

but the quetion is now about the second one the root parition for me is an lvm partition inside of the lvm primary , do i need a small another root partition outside of the lvm parition? it not makes nvm.

Last edited by ArchQuestion (2015-09-08 13:54:56)

Strike0 · 2015-09-08 14:07:10

The (one) root is a lvm logical volume not a partition. I believe it would help you, if you just do one install in a virtual machine or on an usb-device to test the stuff you want to do.

ArchQuestion · 2015-09-08 15:55:07

Strike0 wrote:

The (one) root is a lvm logical volume not a partition. I believe it would help you, if you just do one install in a virtual machine or on an usb-device to test the stuff you want to do.

but why i need 8300 type partition and efi partition ?

Last edited by ArchQuestion (2015-09-08 17:32:02)

Strike0 · 2015-09-08 18:00:09

ArchQuestion wrote:

but why i need 8300 type partition and efi partition ?

If your system boots in EFI mode, you need an efi partition. If not, you don't. 8300??

ArchQuestion · 2015-09-08 18:23:23

Strike0 wrote:

ArchQuestion wrote:
but why i need 8300 type partition and efi partition ?
If your system boots in EFI mode, you need an efi partition. If not, you don't. 8300??

forget it i piss a bit off about all the thing , i actually install linux about a week lol maybe two. forget for now about the boot encryption i do it when i install all the system + a gui enviroment of kde and all of that.

haha thank you for googeling for me it , lol. it seems like 8300 it legacy boot but why the hell i need him?

but if you can answer i still couriase about the 2 partitions , yes i use efi scheme and when in the guide they encrypt the boot they actually dont ecrypt the eufi boot they encrypt the 8300 partition they create , and i would like to know why.
in my scheme that partition dont exist at all.
i only have a eufi parition + lvm psyc partition that contain all my lvm partitions.

importment:
_______________________________________________________________________
but for now i follow the luks on lvm and they said i need to do that command:
cryptdevice=/dev/lvm/lvroot:crytoroot root=/dev/mapper/cryptoroot

do i need specific it in the /etc/default/grub? at GRUB_CMDLINE_LINUX_DEFAULT?

or i need specifice this on global config and in the grub just specifi the location of the encrypto partition of root?

Last edited by ArchQuestion (2015-09-08 19:03:41)

jasonwryan · 2015-09-08 19:09:38

This is help vampirisim: stop expecting your hand to be held and start reading the documentation and experimenting yourself.

ArchQuestion · 2015-09-08 20:25:39

jasonwryan wrote:

This is help vampirisim: stop expecting your hand to be held and start reading the documentation and experimenting yourself.

man i dont know why you consider me a help vampirisim but ok i will stop , i mean i trying hard and yes i read the documantion , search on google , update always the post when i move on so the next question can be leaving here until someone answer me or i find the answer and update the question . i dont think i ask the obvious couse maybe for you it is the obvious but not for me .
anyway i will try to harder and would change the way i ask the question, like i dont gonna post anymore the next question im after here , and will try experiment my self more than i do.

Last edited by ArchQuestion (2015-09-08 20:28:48)

Arch Linux

#1 2015-09-04 14:47:55

[Question updated 2] fail on very beggining of crypto installation

#2 2015-09-04 15:16:08

Re: [Question updated 2] fail on very beggining of crypto installation

#3 2015-09-04 15:41:52

Re: [Question updated 2] fail on very beggining of crypto installation

#4 2015-09-05 00:04:31

Re: [Question updated 2] fail on very beggining of crypto installation

#5 2015-09-05 16:14:01

Re: [Question updated 2] fail on very beggining of crypto installation

#6 2015-09-05 20:38:41

Re: [Question updated 2] fail on very beggining of crypto installation

#7 2015-09-06 08:18:39

Re: [Question updated 2] fail on very beggining of crypto installation

#8 2015-09-06 09:21:44

Re: [Question updated 2] fail on very beggining of crypto installation

#9 2015-09-06 10:17:07

Re: [Question updated 2] fail on very beggining of crypto installation

#10 2015-09-06 20:58:16

Re: [Question updated 2] fail on very beggining of crypto installation

#11 2015-09-07 09:53:32

Re: [Question updated 2] fail on very beggining of crypto installation

#12 2015-09-07 10:58:53

Re: [Question updated 2] fail on very beggining of crypto installation

#13 2015-09-07 18:34:27

Re: [Question updated 2] fail on very beggining of crypto installation

#14 2015-09-08 07:54:29

Re: [Question updated 2] fail on very beggining of crypto installation

#15 2015-09-08 09:30:49

Re: [Question updated 2] fail on very beggining of crypto installation

#16 2015-09-08 14:07:10

Re: [Question updated 2] fail on very beggining of crypto installation

#17 2015-09-08 15:55:07

Re: [Question updated 2] fail on very beggining of crypto installation

#18 2015-09-08 18:00:09

Re: [Question updated 2] fail on very beggining of crypto installation

#19 2015-09-08 18:23:23

Re: [Question updated 2] fail on very beggining of crypto installation

#20 2015-09-08 19:09:38

Re: [Question updated 2] fail on very beggining of crypto installation

#21 2015-09-08 20:25:39

Re: [Question updated 2] fail on very beggining of crypto installation

Board footer