nice howto. I didn't catch a couple of things, though:
1. you mention sdc1 as /boot device.. why? Just a typo?
2. is there any way to remove the *huge* spam comment just before mine? It triples the size of your howto. and the sites don't work, even! :)
3. just for reference, I've got some issues with a USB-drive watch; I can luksFormat the partition but cannot luksOpen it. To fix this I had to mount the partition via losetup:
losetup /dev/loop0 /dev/sda2
# then format it with luks
cryptsetup luksFormat /dev/loop0
# now I can open it
cryptsetup luksOpen /dev/loop0 rootfs
# close it
cryptsetup luksClose /dev/loop0
# and now I can even use cryptsetup with /dev/sda2
cryptsetup luksOpen /dev/sda2 rootfs
4. being the paranoid I am, I prefer to have a "clean" debian on my usb stick and make a fake swap partition as the encrypted one. Something like (in a /etc/fstab):
#/dev/sda2 none swap sw 0 0
the /dev/sda2 partition should be formatted with luksFormat. So I can boot via the usb stick, show a clean debian system, then use that system to open the /dev/sda2 encrypted/fake swap partition.
In case it get seized, it's just a usb stick with a linux version on it, and some garbage data on /dev/sda2 :)
hdc1, spam & losetup, various paranoia
nice howto. I didn't catch a couple of things, though:
1. you mention sdc1 as /boot device.. why? Just a typo?
2. is there any way to remove the *huge* spam comment just before mine? It triples the size of your howto. and the sites don't work, even! :)
3. just for reference, I've got some issues with a USB-drive watch; I can luksFormat the partition but cannot luksOpen it. To fix this I had to mount the partition via losetup:
losetup /dev/loop0 /dev/sda2
# then format it with luks
cryptsetup luksFormat /dev/loop0
# now I can open it
cryptsetup luksOpen /dev/loop0 rootfs
# close it
cryptsetup luksClose /dev/loop0
# and now I can even use cryptsetup with /dev/sda2
cryptsetup luksOpen /dev/sda2 rootfs
4. being the paranoid I am, I prefer to have a "clean" debian on my usb stick and make a fake swap partition as the encrypted one. Something like (in a /etc/fstab):
#/dev/sda2 none swap sw 0 0
the /dev/sda2 partition should be formatted with luksFormat. So I can boot via the usb stick, show a clean debian system, then use that system to open the /dev/sda2 encrypted/fake swap partition.
In case it get seized, it's just a usb stick with a linux version on it, and some garbage data on /dev/sda2 :)
..will try it and report it somewhere. cheers.