个人工具
登录
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码
来自Ubuntu中文
←
UbuntuHelp:FeistyLUKSTwoFormFactor
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
== Create LUKS/LVM Volumes on Unused Partition == === Randomize the Unused Partition === To obscure use of the volume randomize the partition befor using it. '''Caution:''' `urandom` is not as good as `random` but will cut the time significantly. '''Note:''' This will take a considerable amount of time and is proporational to the volume size. e.g., Radomizing 1.5TB ~2Days. <pre><nowiki> dd if=/dev/urandom of=/dev/sda3 </nowiki></pre> Go find something fun to do outside! === Create and Open LUKS Device === '''Note:''' I've used the largest cipher and hash available as well as key-size. The defaults are smaller. <pre><nowiki> cryptsetup luksFormat --hash=sha512 --cipher=aes-cbc-essiv:sha256 --key-size=256 /dev/sda3 </nowiki></pre> Edit the crypttab. The lvm option triggers the lvm on luks during startup. This will setup the LUKS whole disk encryption with an initial passphrase. Once this works the Two Form Factor configuration follows. <pre><nowiki> echo cryptVault /dev/sda3 none luks,cipher=aes-cbc-essiv:sha256,hash=sha512,lvm=vg00-lvroot >> /etc/crypttab </nowiki></pre> Open the LUKS partition. <pre><nowiki> cryptsetup luksOpen /dev/sda3 cryptVault </nowiki></pre> === Setup LVM Data Partitions === Season to taste. The volume sizes will be relevant to your system design goals. '''Note: ''' When later converting to ''ubuntu-desktop'' apt required more space in /var then I had originally allocated. And rather than re-configure apt to use a different cache I just resized /var to +1024MB. The `lvsnap` volume is for creating snapshot volumes for backup purposes. It will not be referenced again in this document. It is there as a reminder to allocate for it before you slice and dice all avialable disk space. [todo: create communityDoc for BackupWithLVMSnaphot] '''Note:''' The lvm volumes ''MUST'' be of the form `/dev/mapper/vg##-name`. The cryptroot script relies on this naming convention to determine whether or not a volume is LVM and to select the volume group name to activate. <pre><nowiki> pvcreate /dev/mapper/cryptVault vgcreate vg00 /dev/mapper/cryptVault vgchange -a y vg00 lvcreate -L70G -nlvroot vg00 lvcreate -L512M -nlvtmp vg00 lvcreate -L2048M -nlvvar vg00 lvcreate -L512M -nlvhome vg00 lvcreate -L512M -nlvsnap vg00 </nowiki></pre> '''Tip:''' If you will be allocating the remaining free extents to a volume do '''pvdisplay''' and find the '''Free PE''' and use that value in `ĺvcreate -l### -n#SOMEPART` === Apply Filesystems to the Partitions === <pre><nowiki> mkfs.ext3 /dev/vg00/lvroot mkfs.ext2 /dev/vg00/lvtmp mkfs.ext3 /dev/vg00/lvvar mkfs.ext3 /dev/vg00/lvhome mkfs.ext3 /dev/vg00/lvsnap </nowiki></pre>
返回至
UbuntuHelp:FeistyLUKSTwoFormFactor
。