-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/28/2006 09:19 AM, Leo Bogert wrote: | Hi, | | I just built a 600 GB (3x 300GB RAID5) Fileserver which I want to be | full-disk-encrypted with Debian and loop-AES. (This already shows you that I | like loop-AES very much ;) | | Unfortunately, it's been two or three years since I last set up a | full-disk-encrypted box with loop-AES. Back then I was using Slackware. As | far as I remember, I booted an already present linux system with the | destination disk attachted, created the partitions on the destination disk, | encrypted them and then used the ability of the Slackware setup to install | slackware from within a running linux environment. | Thus, the installation was directly written encrypted to disk, and after | installing I just had to fix up the boot partition to support loop-AES with | a custom kernel. | | Now, as far as I know, Debian does not support being installed from within a | running linux. | Plus, the fact that I want RAID5 _and_ loop-AES makes it more complicated. | My question to you is: Can anyone hint me out on some Website which explains | an approach for doing this easily? | | What I want is: | - NO unencrypted data being written to the disk-array, that would not be | clean enough :) I.e. I dont want to install debian first and encrypt after | installing. | - If I'm right it would be better to do AES on RAID5 instead of RAID5 on | three loop-AES devices. | | | Thanks for your help, Leo You need a minimially installed Debian root fs. The user-mode-linux.sf.net site has some, for example, but I usually have a custom tgz for the hardware on a remote server. Then boot Knoppix 3.9 (see knoppix.net) or better, setup raid first with mdadm, then create your loop-AES devices, create filesystem on top of loop-AES device, then unpack the tgz root fs with something like cd /mnt ssh me@remote "cat /path/to/debian-root.tgz" | tar xvzpf - Then you can chroot to the debian root chroot . Then fix up /etc/fstab, kernel + loop-aes, install grub... and you are done. Sorry this is brief, but there you are. Cheers, - ---Venkat. - -- http://rayservers.com/ 607-546-7300 PGP/GPG: https://rayservers.com/keys/0x12430522.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD24YnWdkW/RJDBSIRAlRRAKDHDXmvIukcZYm5AUBXumJxZaZYEwCaAnM7 0hIksOBOGNbTnbKgUOMH96Q= =onF5 -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
