Hi Peter, > In fact Debian has the more proper packages! Over the recent days I > did some review on [...] Canonical´s 7.10 Kubuntu > named "gusty gibbon". [...] Tribe-1 of Kubuntu 7.10 doesn´t include > such fancy things but the installation is very simple! So now to the > points which hurt. I don't take a look to ubuntu 7.10 yet, because it is still beta or even alpha. But I'm familiar with ubuntu 7.04 and earlier. So I don't know, if my comments apply to 7.10. The installer is for people without deeper knowledge of linux. If you want to use encryption (dmcrypt only, because loop-AES isn't avaiable on the live-CD or repositories), you can boot from live-cd, create your encrypted devices on the shell, and then tell the installer to use this devices. The installer will just report an error, when it tries to install the boot-manager. You have to do this yourself,.... But anything else seems to work fine,... (Of course, you have to chroot to the new system and customize it before the first boot. But there are just a few things to do,....) If you want to use loop-AES, you can boot from knoppix-cd, create the encrypted devices and then install ubuntu via debootstrap and chroot. But I wouldn't do it that way, because there are too many things, you have to configure by hand,... It's easier to install Ubuntu in the normal way and then encrypt the devices with aespipe,.... > For both distros loop-aes modules are available and The last time, I checked it, Ubuntu's loop-aes package just provide cryptoloop functionality. It don't include multi-key support or something like this. > KNOPPIX 5.2 even ships with them. The point is that their kernels are > unsuitable to boot from USB memory. .. > Regarding kernels I would > like to add that none of them has usbcore built-in which is > definitely required to boot from USB memory. That's wrong. You can boot from USB-Memory in Ubuntu without any problems. You must create an inital ramdisk with initramfs-tools, install syslinux on your usb-stick and copy the kernel, the initial ramdisk and your syslinux.cfg to your stick. That's all. And you have to create an initial ramdisk in any case, if you want to use full-disk encryption,.... There are three files, you need to modify/create: [1] /etc/initramfs-tools/modules (for the modules that you want to include in your initramfs (loop) ) [2] /etc/initramfs-tools/hooks/namedoesntmatter (for the programms that you want to include in your initramfs (gpg,losetup,...)) [3] /etc/initramfs-tools/scripts/local-top/namedoesntmatter (an script to set up your encrypted devices) See 'man initramfs-tools' for details. You don't need the "build-initrd.sh" from loop-AES. > You know you need them linked statically for use in root encryption. No, I don't think so. You only need it, if you follow exactly the steps in the README. The only thing missing in Ubuntu is an loop-AES package, that replaces the original loop module and supports multi-key mode. Everythings else works fine. If such an package would be avaiable, you could install loop-AES in analogy to dmcrypt. It is'nt very difficult to create your encrytped device on the shell from the live-cd and then tell the installer to use this devices. And the scripts in /etc/initramfs-tools/* are very small and easy to understand. Everyone, who is familiar with the shell and has some basic linux knowledge, could easily setup a system with root encryption from live-CD. cu, Rudi - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
