Debian Full Disk Encryption With LVM
|
Author | Content |
---|---|
slacker_mike Dec 09, 2012 7:58 PM EDT |
Does anyone know if Debian can encrypt the entire disk with lvm but not also fill the disk with random data with urandom? I think Fedora and openSUSE do this by default, and I thought Debian might offer it as an option if I chose expert install. Am I missing this anywhere? |
Steven_Rosenber Dec 10, 2012 2:07 AM EDT |
I don't use Expert Install. I always have to wait for the disk to be randomized. It takes a h*** of a long time. I imagine that you could script the install and leave this task out, but I have no idea how you'd do it. |
slacker_mike Dec 10, 2012 11:25 AM EDT |
Thanks Steven. I did come across this bug which implies that if you cancel the randomized data process it will continue the encrypted installation. I'll have to try this. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611196 |
Bob_Robertson Dec 10, 2012 11:43 AM EDT |
The last time I did an LVM encrypted install I don't remember it filling with random data by default, but maybe it did. It was only an 80G disk. (ha! How times have changed. "only" 80 GB!) |
slacker_mike Dec 10, 2012 11:59 AM EDT |
On my 320 GB hard drive it took like 24 hours or something to fill it with random data. |
Bob_Robertson Dec 10, 2012 12:28 PM EDT |
Last Monday I got a 1TB USB3 drive, it's time for me to move backups into the 21st century. Anyway, I made it encrypted, fine, and then set it to filling with random data with dd if=/dev/urandom of=/dev/sdf. That was Monday. Friday evening, I made the mistake of opening a YouTube video in full screen. SpaceRips, don'tcha'know, beautiful. Sadly, it also froze my machine. I don't know how much of the 1TB had been filled in 4 solid days of writing, but I can at least put a real review on NewEgg, "I tried to kill it and it still works." |
jdixon Dec 10, 2012 2:06 PM EDT |
> ... then set it to filling with random data with dd if=/dev/urandom of=/dev/sdf. I've read that adding bs=1M will speed up the process for IDE and SATA drives, I don't know if it would be effective for USB ones. |
Steven_Rosenber Dec 10, 2012 2:23 PM EDT |
That is one drawback of fully encrypted installs in Debian: The bigger the drive, the longer you wait for the installer to randomize it. |
gus3 Dec 10, 2012 2:39 PM EDT |
Yes, "bs=1M" would help USB drives. If nothing else, write-coalescing in the disk elevator means less task-swapping and I/O scheduling. |
You cannot post until you login.