13.10 installer question

Discussion in 'all things UNIX' started by Palancar, Mar 20, 2014.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Solved ------ > 13.10 installer

    If you read my other thread I decided to use 13.10 and build it for a month until 14.04 LTS is released. That said I down'd 13.10, verified file integrity, and built a test VM. LUKS/LVM FDE was a breeze using the installer in that configuration. Great, now time to move to bare metal. Immediately I hit a wall because my config is outside of the "out of box" installer.

    My machine is TrueCrypt encrypted and there is no space in the bootloader left for /boot. No biggie of course since I am planning on using a small 1 Gig flash to boot 13.10. I don't want to change anything on the TC bootloader. Is there anyone here willing to give me a connect the dot set of steps for how to use 13.10 installer with a full LUKS on partition 3 using my 1 Gig flash to start it?

    The generic 13.10 installer doesn't see any OS because of the encryption so I might not be seeing options that a regular two system/OS computer might get. As soon as you select other (leaving the "out of box" install) the simple click encryption option disappears.

    I have about 150 GB to dedicate strictly for Linux bare metal. The regular 13.10 installer is really slick for a conventional setup. It was easy as can be when I did the VM. Within a year I plan on trashing windows but I am not up to speed for that at this time.
     
    Last edited: Mar 24, 2014
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Do you really need TC? I use just Cryptsetup and it works like a charm.
    Ubuntu's installer is a pain when using encryption, so I don't use it (among other reasons). Debian is a good place for encrypted systems, so is Arch.
    On the other hand, the alternate installer images are known for being "better" at encryption, much similar to Debian, but it doesn't have as many options (xts-plain64 doesn't exist in the IV Algorithm choice in Ubuntu's alternate installer, for ex).

    I wrote a similar thread on openSUSE's forums, and even the Administrator ran into problems when he tried to boot from an encrypted flash drive.

    http://forums.opensuse.org/showthread.php/489380-TrueCrypt-Help-Multiple-Partitions
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I think I may have thought of a way to get around this. It'll take about 4-7 hours of encrypting so I wanted to ask before proceeding. My snag with the normal 13.10 installer is that it doesn't see the windows OS because of the TC encrypted system disk. So how about I do this:

    Write back my 7 Pro OS (normal unencrypted system disk for C) and restore the drive's normal MBR. That is extremely easy to do. Now the 13.10 installer will see windows and will allow for an alongside normal install. If the 13.10 installer works like 12.04 I would be able to select other and from the first screen after other I can select a flash drive for /boot. Then I go back to the start screen and the 13.10 installer will remember the /boot flash while I do the alongside install with encryption and LVM boxes "ticked". If this works it would mean that I will be booting from my removable flash and the second partition will be 13.10 using encryption/LVM all the way. That would be ideal. When finished I would then simply encrypt the original windows system disk using TrueCrypt, which would replace the MBR with the TC bootloader. Now I can mount windows using TC in a regular fashion. To use Linux I insert my /boot flash and enter my crypt password on prompt. I woud immediately do a sector based backup of Linux so I can always restore the entire partition with the click of a button and 30 minutes of "write time".

    Can someone give me their opinion of this as a workable plan? I may just run to the store and buy a new sata drive so I have no danger of messing up the original that is tweaked to perfection!

    Specifically, what is your opinion as to whether the 13.10 installer will remember the /boot flash when I go back one screen to do the normal install? My 12.04 alternate install disk remembers it every single time.

    Suggestions welcome.

    ps - I forgot to ask. When doing an alongside install using the normal 13.10 installer, will I still be able to "tick" the encryption and LVM boxes? Its the whole reason for doing this procedure. Anyone here do an alongside with encryption "ticked"??
     
    Last edited: Mar 23, 2014
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
  5. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    I think it's best to start with VirtualBOX. See if it works there.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Solved ------ > 13.10 installer

    Solved!

    I did the simple steps indicated in the link on my post above this one. Candidly, I have tons of windows tools so I prep'd the drive using windows partition tools and wiping accordingly before I started. What that means is that I wiped a 150 Gig partition (just in case there was "dirt" there) and then deleted the partition. That left 150 Gig of free space to use for Linux bare metal. That is the sum total of my getting the hard drive ready. I did the same thing by wiping the little 1 Gig flash I am using for /boot.

    From there I just used the 13.10 normal installer and it went smooth as can be. To use Linux I insert the flash and enter my password. I can remove the flash almost immediately as its not needed except for an instant during boot. The 150 Gig is full LVM/Luks/dmcrypt and it shows RAW/other fully encrypted. Nice!

    If you are just joining this thread this procedure was done because I want Linux 14.04 LTS bare metal fully LVM encrypted, alongside a TrueCrypt encrypted windows 7 Pro OS. Now I have both fully encrypted on the same machine and it runs slick. My 13.10 should upgrade seamlessly to 14.04 when it comes out next month. Even if it "breaks" during the upgrade I now know how to re-create this pretty easily. It was so easy.

    The normal 13.10 "click a button" install won't work because 13.10 cannot see any OS when you have TrueCrypt full encryption already there. The TC bootloader is not normal either. My method leaves the TC bootloader alone and simply writes the linux /boot out to a flash. This allows both systems to be fully encrypted to maximize security/privacy.

    This Linux OS will never see any internet activity but updating itself or software I authorize, such as virtualbox. Even then I will control exposure by having it tunneled on vpn1 exclusively and only during my permitted updating. Afterwards I'll remove its ability to connect and stick with VM's, pfsense, etc... I really wanted to try something with Windows but Snowden and Microsoft have indirectly convinced me that securing windows is a lost cause. Just an opinion.

    ps - forgot to add that the normal 13.10 installer will only allow "one click" encryption if you are using the ENTIRE hard drive. The method I am outlining is easy and allows for custom sizes as my example indicates. If you want any serious encryption with Linux 13.10 you will have to use this method OR dedicate your entire disk to use "one click".
     
    Last edited: Mar 24, 2014
Loading...
Thread Status:
Not open for further replies.