Package: installation-guide
Tags: patch

Hi,

In netinst CD Jessie Beta1 there seems to be no support for crypt method loop-AES. I suspect this is intended.
The d-i manual therefore needs an update. Patch attached.

Cheers
Holger

--
Holger Wansing <hwans...@mailbox.org>
Index: boot-new/mount-encrypted.xml =================================================================== --- boot-new/mount-encrypted.xml (Revision 69255) +++ boot-new/mount-encrypted.xml (Arbeitskopie) @@ -8,13 +8,14 @@ If you created encrypted volumes during the installation and assigned them mount points, you will be asked to enter the passphrase for each -of these volumes during the boot. The actual procedure differs -slightly between dm-crypt and loop-AES. +of these volumes during the boot. </para> +<!-- <sect2 id="mount-dm-crypt"> <title>dm-crypt</title> +--> <para> @@ -68,6 +69,7 @@ After entering all passphrases the boot should continue as usual. </para> +<!-- loop-AES is not supported by the installer at the moment </sect2> <sect2 id="mount-loop-aes"> @@ -98,6 +100,7 @@ </para> </sect2> +--> <sect2 id="crypto-troubleshooting"> <title>Troubleshooting</title> @@ -122,7 +125,10 @@ The easiest case is for encrypted volumes holding data like <filename>/home</filename> or <filename>/srv</filename>. You can -simply mount them manually after the boot. For loop-AES this is +simply mount them manually after the boot. + +<!-- +For loop-AES this is a one-step operation: <informalexample><screen> @@ -136,8 +142,9 @@ the passphrase for this volume. </para><para> +--> -For dm-crypt this is a bit trickier. First you need to register the +For dm-crypt this is a bit tricky. First you need to register the volumes with <application>device mapper</application> by running: <informalexample><screen> Index: using-d-i/modules/partman-crypto.xml =================================================================== --- using-d-i/modules/partman-crypto.xml (Revision 69255) +++ using-d-i/modules/partman-crypto.xml (Arbeitskopie) @@ -104,7 +104,7 @@ </varlistentry> <varlistentry> -<term>IV algorithm: <userinput>cbc-essiv:sha256</userinput></term> +<term>IV algorithm: <userinput>xts-plain64</userinput></term> <listitem><para> 
@@ -119,7 +119,7 @@ </para><para> From the provided alternatives, the default -<userinput>cbc-essiv:sha256</userinput> is currently the least +<userinput>xts-plain64</userinput> is currently the least vulnerable to known attacks. Use the other alternatives only when you need to ensure compatibility with some previously installed system that is not able to use newer algorithms. @@ -202,8 +202,10 @@ </varlistentry> </variablelist> +</para> -</para><para> +<!-- loop-AES is not supported by the installer at the moment +<para> If you select <menuchoice> <guimenu>Encryption method:</guimenu> <guimenuitem>Loopback (loop-AES)</guimenuitem> </menuchoice>, the menu @@ -264,7 +266,10 @@ Please see the section on erasing data above. -</para></listitem> +</para> +--> + +</listitem> </varlistentry> </variablelist> @@ -321,16 +326,12 @@ After returning to the main partitioning menu, you will see all encrypted volumes as additional partitions which can be configured in -the same way as ordinary partitions. The following example shows two -different volumes. The first one is encrypted via dm-crypt, the second -one via loop-AES. +the same way as ordinary partitions. The following example shows a +volume encrypted via dm-crypt. <informalexample><screen> Encrypted volume (<replaceable>sda2_crypt</replaceable>) - 115.1 GB Linux device-mapper #1 115.1 GB F ext3 - -Loopback (<replaceable>loop0</replaceable>) - 515.2 MB AES256 keyfile - #1 515.2 MB F ext3 </screen></informalexample> Now is the time to assign mount points to the volumes and optionally @@ -340,7 +341,7 @@ Pay attention to the identifiers in parentheses (<replaceable>sda2_crypt</replaceable> -and <replaceable>loop0</replaceable> in this case) and the mount +in this case) and the mount points you assigned to each encrypted volume. You will need this information later when booting the new system. The differences between the ordinary boot process and the boot process with encryption involved will
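Review bot: check for dangling cross-references in boot-new/mount-encrypted.xml. Hunk @@ -8,13 +8,14 @@ puts <sect2 id="mount-dm-crypt"> inside a comment and @@ -68,6 +69,7 @@ does the same for <sect2 id="mount-loop-aes">, so both ids disappear from the built document. Any xref or link elsewhere in the manual whose linkend is one of these ids will stop resolving. Search the tree for both ids before committing, or keep the dm-crypt sect2 in place and comment out only the loop-AES section.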
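Review bot: the wording left behind by hunks @@ -122,7 +125,10 @@ and @@ -136,8 +142,9 @@ of boot-new/mount-encrypted.xml contradicts itself. With the loop-AES sentence commented out, the paragraph now reads "You can simply mount them manually after the boot. For dm-crypt this is a bit tricky." The phrase "For dm-crypt" no longer has anything to contrast with, and "simply" sits directly before "a bit tricky". Suggest dropping "simply" and starting the next sentence at "First you need to register the volumes", or rewording both sentences together.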
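Review bot: the change of default from cbc-essiv:sha256 to xts-plain64 in using-d-i/modules/partman-crypto.xml, hunks @@ -104,7 +104,7 @@ and @@ -119,7 +119,7 @@, is not mentioned in the report, which only covers loop-AES. Either list it in the changelog entry or split it into its own patch, and confirm the value against what partman-crypto offers in Jessie Beta1. The unchanged sentence "is currently the least vulnerable to known attacks" was written about cbc-essiv:sha256, so check that it still holds as worded for the new default. Also check that the explanatory text between the two hunks, which the diff does not show, does not still describe the old value.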
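Review bot: the comment opened in using-d-i/modules/partman-crypto.xml hunk @@ -202,8 +202,10 @@ is only closed in @@ -264,7 +266,10 @@, so it wraps about sixty lines that the diff does not show. XML does not allow "--" inside a comment, so check that the hidden loop-AES text contains no double hyphen and that the document still validates. The same applies to the comment blocks in boot-new/mount-encrypted.xml, where the comment opened in @@ -122,7 +125,10 @@ encloses a <screen> example. A full build of the manual before committing would catch both this and any unbalanced tags left inside the commented regions.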
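Review bot: loop-AES text is handled inconsistently. In using-d-i/modules/partman-crypto.xml, hunks @@ -321,16 +326,12 @@ and @@ -340,7 +341,7 @@ delete it outright (the "Loopback (loop0)" example and the loop0 reference), while every other loop-AES passage in this patch is commented out with "loop-AES is not supported by the installer at the moment". If the text is meant to return when support does, uncommenting will not restore these two places. Pick one approach for the whole patch, or add a short comment at these two spots noting what was removed.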