On Thu, Apr 16, 2015 at 10:05:17PM +0200, Cyril Brulebois wrote: > Martin Pitt <mp...@debian.org> (2015-04-16): > > Hello Cyril, > > > > Cyril Brulebois [2015-04-16 19:40 +0200]: > > > Anyway, asking for home encryption indeed leads to swap encryption, > > > through a ecryptfs-setup-swap call, which in turn triggers: > > > | echo "cryptswap$i UUID=$uuid /dev/urandom > > > swap,offset=1024,cipher=aes-xts-plain64" >> /etc/crypttab > > > `---[ src/utils/ecryptfs-setup-swap ]--- > > > > > > The same file in the Debian package has no offset, so I guess that means > > > Debian is rather safe. > > > > Well, it actually means that it's even more broken :-( If you don't > > specify an offset at all, then you can only boot this system once. > > Then your partition will be overwritten with random data entirely, and > > the next time you won't have any matching UUID any more, and you again > > get a hanging boot (this affects sysvinit and upstart too). I. e. you > > will have exactly the same effect. > > > > So to properly fix this, we need: > > > > (1) the fix to add the offset=: > > https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/840 > > > > (Updating the used cipher would also be a good idea, but not > > essential) > > > > This fix alone is sufficient under sysvinit and upstart. > > > > (2) this systemd fix to actually respect offset= when booting under > > systemd. > > Huh? Last I checked, guided encrypted LVM just works…
Worked for me about a month ago. -- Len Sorensen -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150416205818.gu29...@csclub.uwaterloo.ca
