i understand that it wasn't taken into consideration that someone can attach existing encrypted device, but only that a new one will be created. this is inconsistent with how it goes with unencrypted partitions, where you can reattach them without formatting and keep your data. so i guess with encrypted partition this should also work that way. or maybe i miss the point? i will try to make the whole scenario clear, and then send my proposition, to debian-boot@xxxxxxxxxxxxxxxx
On 30 October 2011 23:25, Jonas Meurer <jonas@xxxxxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Aleksander,
Am 30.10.2011 19:56, schrieb Aleksander Swirski:
> I will also try to push this info to the debian devs. I'm not sureI guess that you selected to configure the device which contained the
> how to do that properly (hint appreciated). I know, that the route
> of installation I took is not a common one, but a simple warning
> would suffice to avoid this kind of trouble. After all my encrypted
> LVM and specifically the /home partition within LVM wasn't listed
> among those, which are to be erased at any point during the
> installation. (I marked them with - K - keep the data)
LVM volume group as new encrypted device. Then you where asked for the
new passphrase twice, and a new LUKS header was written to the device,
overwriting the old LUKS header. That way you shredded all the
encrypted data on that device, regardless what it was.
The partitions you marked as "keep the data" weren't overwritten, just
the LUKS header of underlying device was overwritten.
I agree, that a warning in the Debian Installer is a good idea, but to
be honest, there's already a big fat warning:
> _Description: Really erase the data on ${DEVICE}? The data on
> ${DEVICE} will be overwritten with random data. It can no longer be
> recovered after this step has completed. This is the last
> opportunity to abort the erase.
(from
http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates)
If you like to propose changes to the (warnings in the) process of
configuring encrypted volumes during installation of Debian, feel free
to discuss this on debian-boot@xxxxxxxxxxxxxxxx. You might as well
take a look at the following page:
http://wiki.debian.org/DebianInstaller/PartmanCrypto
Greetings,
jonas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOrc7tAAoJEFJi5/9JEEn+bo4P/0vX3AxnpXzWO3NUvYW2wh6H
k7v8Dhx6Rw5HXttHuF8JSypkvcHuLfWyGLq0J4qlsw4GvK/cPtwdCuSe//uJvqSB
4Z6qj55E/3/M+aEBMzT9oBeZ5DVGPp0+76VWFNijGzHYMoT4YYm0pZBsmfZ7U2RJ
+7xFyGP0d7oXJIqoW8aUyufgdYnRNdcZdJtY27XHgKW1m9ytllIuK0h7hl410/L0
vy2t4IqSlO5Uko1/bOf3FETNkBRTUl4T2jWMP3dEpNMRobB1ZH5I5menXWSwzgR9
c2QWRkwQ8iUsAdakofnl9O1jhtw3Z9MKxHQbnxh32oNuS5Aaf5xxfiI7jXf3yY/L
GUKyIOa5nGtNtwUt4l0RTJAKoyY2J2KtBJm+JL51tQ3q/iyZsfRLVmyczlkzKUhj
vMKgSzhV8/IyQ/snqftAMqmRXYgaOE3qDCe8MR+EChIFwX2Zr+eRWdRzVFDjQ0kP
Cyc6Yw3TrthD8GuWWxU93tE3YMVxgI76+lDk/LBLZjviMTEfkR5e+gmuoff+Xdta
aBYek7loOjkqb+gJ6qeqAKuDLAZnw/BmHfgpYQpatdSeiV6jpGPkGMbYTwDHLlXR
rE72FJe1emdcDWQ6TE8SP+6KW22HirBPD5q6DPqJ2Oxcxx+AotXeLvDpnhd9S5b2
fDNHacCUklPyCeH81nsH
=PLsS
-----END PGP SIGNATURE-----
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
