aptpostle
Post subject: Migrating existing Install to Encrypted root
Posted: 19.11.2010, 06:30

I migrated my existing aptosid installation to an encrypted partition with a dual boot setup.
This is a modification of "Partial Disk Encryption - The Debian Way"

Perhaps this should be under the forum "User Scripts and Dragons" Wink

Used: aptosid live cd "aptosid-2010-02-keres-kde-lite" 32 bit

The steps are outlined here. This should be completed in one session (day) so you can avoid having issues with kernel updates.
1) do dist-upgrade on your existing (old) system as explained in the aptosid manual.
2) backup existing (old) installation with rdiff-backup
3) set up disk encryption following the wiki "Full Disk Encryption - The Debian Way" with the following exceptions
a) do not use dd to wipe the entire device sda
b) instead use "dd if=/dev/urandom of=/dev/sda(x) bs=10MB" where "(x)" refers to the partition or partitions you are willing to wipe
c) if windows (or any partition you want to keep) is on "sda1" then substitute a different partition as the "/boot" partition
4) once the encrypted installation is working do a dist-upgrade as explained in the aptosid manual.
5) backup the new encrypted installation with rdiff-backup
6) launch the live aptosid cd and remount the encrypted partition
7) restore your backed up old aptosid installation to the encrypted partition
8) copy some critical files from your backed up new encrypted installation to the encrypted old installation
9) boot into the encrypted version of your old aptosid installation

Steps 1-4 are documented in the aptosid manual or wiki "Full Disk Encryption - The Debian Way"

Here are steps 5-9 in more detail:

#Backup encrypted root using rdiff-backup
rdiff-backup --exclude '/tmp/*' --exclude '/proc/*' --exclude '/sys/*' --exclude '/media/*/*' / /media/[sdb1]/encroot

# where "[sdb1]" refers to the device where you backup files

#start up live aptosid CD
#install rdiff-backup
apt-get install rdiff-backup

#open encrypted root
mkdir /media/aptosid
cryptsetup luksOpen /dev/sda2 sda2_crypt
pvscan
lvscan
lvchange -ay /dev/cryptVG/root

#mount encrypted root partition on directory /media/aptosid
mount /dev/cryptVG/root /media/aptosid


#remove all files from encrypted root directory
#(rm only runs if the cd succeeded, so it cannot delete from the wrong directory)
cd /media/aptosid && rm -r -- *

#restore old root directory files to encrypted root directory
rdiff-backup -r now /media/[sdb1]/root /media/aptosid

# where "[sdb1]/root" is the location of your backed up old installation


#copy selected /etc files from encrypted backup to /media/aptosid

cp -a /media/[sdb1]/encroot/etc/crypttab /media/aptosid/etc
cp -a /media/[sdb1]/encroot/etc/fstab /media/aptosid/etc
cp -a /media/[sdb1]/encroot/etc/initramfs-tools/modules /media/aptosid/etc/initramfs-tools
cp -a /media/[sdb1]/encroot/etc/initramfs-tools/conf.d/cryptroot /media/aptosid/etc/initramfs-tools/conf.d

#copy /lib/modules directory from encrypted backup to /media/aptosid
#(will not be necessary if kernel is the same in the legacy system and the fresh encrypted system)
cp -a /media/[sdb1]/encroot/lib/modules /media/aptosid/lib/

#copy links from encrypted backup root to /media/aptosid

cp -a /media/[sdb1]/encroot/initrd.img /media/aptosid/
cp -a /media/[sdb1]/encroot/vmlinuz /media/aptosid/

#logout of live cd and boot into an encrypted version of your original installation Laughing


#known issues:
# had to reinstall encfs and fuse-utils and reboot to get encfs to work again
apt-get --reinstall install encfs
apt-get --reinstall install fuse-utils
# had to reinstall dbus to remove error message in kde concerning web-kit
apt-get --reinstall install dbus


If you try this, let me know how it turns out.
 
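A pre-reboot check for the tree restored in steps 7 and 8 above, as an added example that is not part of the original post: it confirms the copied files are present, that fstab mounts / from the cryptVG volume group, and that /lib/modules has a directory for the kernel the /vmlinuz link names. The function name `check_restored_root` and the assumption that the link target is named `vmlinuz-<version>` are this example's own.

```shell
#!/bin/sh
# Added example: sanity-check a restored root tree (steps 7-8) before rebooting.
# Usage: check_restored_root /media/aptosid [VG]   (VG defaults to cryptVG)
# Prints one line per problem; the return status is the number of problems.
check_restored_root() {
    root=$1
    vg=${2:-cryptVG}
    problems=0

    # Files the post copies from the encrypted backup must exist and be non-empty.
    for f in etc/crypttab etc/fstab etc/initramfs-tools/modules \
             etc/initramfs-tools/conf.d/cryptroot; do
        if [ ! -s "$root/$f" ]; then
            echo "missing or empty: /$f"
            problems=$((problems + 1))
        fi
    done

    # Heuristic: fstab should mount / from the LVM volume group, not from the
    # old plain partition (which is what the restored legacy fstab would name).
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' \
              "$root/etc/fstab" 2>/dev/null) || rootdev=
    case $rootdev in
        */"$vg"/*|*/"$vg"-*) ;;
        *) echo "fstab root device '$rootdev' is not in volume group $vg"
           problems=$((problems + 1)) ;;
    esac

    # Both kernel links from the encrypted backup must be in place.
    for link in vmlinuz initrd.img; do
        if [ ! -L "$root/$link" ]; then
            echo "missing link: /$link"
            problems=$((problems + 1))
        fi
    done

    # Assumption: the link target ends in vmlinuz-<version>; that version
    # needs a matching /lib/modules/<version> or the initramfs cannot load dm-crypt.
    target=$(readlink "$root/vmlinuz" 2>/dev/null) || target=
    base=${target##*/}
    kver=${base#vmlinuz-}
    if [ -n "$kver" ] && [ ! -d "$root/lib/modules/$kver" ]; then
        echo "no /lib/modules/$kver for the kernel /vmlinuz points to"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -ge 1 ]; then check_restored_root "$@"; fi
```

Run it from the live CD against /media/aptosid after the copy steps; /boot does not need to be mounted because only the link names are read.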
hefee
Post subject: RE: Migrating existing Install to Encrypted root
Posted: 19.11.2010, 12:47

You don't need encfs and fuse-utils, because you don't have any encfs-encrypted device. You only need luks and lvm2.

And why did you write in the forum and not write a wiki entry?
 
aptpostle
Posted: 19.11.2010, 18:57

You are correct, I no longer need encfs, but I had an encrypted directory on my original installation that I had to recover so I could decrypt it.
I thought of a wiki, but considered that, since possibly this may violate aptosid's policies, maybe some of the gurus should review this before enshrining it in a wiki.
 
muchan (Moderator)
Posted: 19.11.2010, 19:08

FYI, there is (already) a page like this in wiki:
http://aptosid.com/index.php?module=wik ... eDebianWay

(My name is shown as the page owner, but I just created
the page to migrate it from the former sidux wiki;
I am not the author of the text.)


I don't know if the OP of this thread and the wiki page are talking about the same thing,
or a different way to reach the same goal, or having different goals...
 
aptpostle
Posted: 19.11.2010, 22:17

Muchan,
The goals are slightly different than the original "Debian way" wiki.
The original wiki was for a fresh install with no dual boot.
This modification of the original wiki is for a dual boot set-up where you can migrate your existing aptosid install onto the encrypted partition.
Most of the heavy sledding uses the steps in the original wiki.

Aptpostle
 