Debian Full Disk Encryption With LVM

Forum: LinuxTotal Replies: 8
Author Content
slacker_mike

Dec 09, 2012
6:58 PM EST
Does anyone know if Debian can encrypt the entire disk with lvm but not also fill the disk with random data with urandom? I think Fedora and openSUSE do this by default, and I thought Debian might offer it as an option if I chose expert install. Am I missing this anywhere?
Steven_Rosenber

Dec 10, 2012
1:07 AM EST
I don't use Expert Install. I always have to wait for the disk to be randomized. It takes a h*** of a long time.

I imagine that you could script the install and leave this task out, but I have no idea how you'd do it.
slacker_mike

Dec 10, 2012
10:25 AM EST
Thanks Steven. I did come across this bug which implies that if you cancel the randomized data process it will continue the encrypted installation. I'll have to try this.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611196
Bob_Robertson

Dec 10, 2012
10:43 AM EST
The last time I did an LVM encrypted install I don't remember it filling with random data by default, but maybe it did. It was only an 80G disk.

(ha! How times have changed. "only" 80 GB!)
slacker_mike

Dec 10, 2012
10:59 AM EST
On my 320 GB hard drive it took like 24 hours or something to fill it with random data.
Bob_Robertson

Dec 10, 2012
11:28 AM EST
Last Monday I got a 1TB USB3 drive, it's time for me to move backups into the 21st century.

Anyway, I made it encrypted, fine, and then set it to filling with random data with dd if=/dev/urandom of=/dev/sdf.

That was Monday.

Friday evening, I made the mistake of opening a YouTube video in full screen. SpaceRips, don'tcha'know, beautiful. Sadly, it also froze my machine.

I don't know how much of the 1TB had been filled in 4 solid days of writing, but I can at least put a real review on NewEgg, "I tried to kill it and it still works."
jdixon

Dec 10, 2012
1:06 PM EST
> ... then set it to filling with random data with dd if=/dev/urandom of=/dev/sdf.

I've read that adding bs=1M will speed up the process for IDE and SATA drives, I don't know if it would be effective for USB ones.
Steven_Rosenber

Dec 10, 2012
1:23 PM EST
That is one drawback of fully encrypted installs in Debian: The bigger the drive, the longer you wait for the installer to randomize it.
gus3

Dec 10, 2012
1:39 PM EST
Yes, "bs=1M" would help USB drives. If nothing else, write-coalescing in the disk elevator means less task-swapping and I/O scheduling.

You cannot post until you login.