Precise Server Installer does not allow to complete the encrypt partitions procedure

Bug #993761 reported by Pedro
This bug affects 1 person
Affects: debian-installer (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

I have tried 3 times to install Ubuntu Precise using the Server Installer amd64, and it proved impossible to complete the encrypted partitions step.

First I need to clarify that I have the distro Mageia 2 Beta 3 installed on the disk with /home encrypted.

I burned the ISO ubuntu-12.04-alternate-amd64.iso and then started the installer. All goes fine until I reach the partitioning part, where I choose manual and select one partition as /boot, and then select 2 partitions (swap and /) to be encrypted; I enter the passphrase for both and all goes well.
Now I select to activate the partitions, and the problem starts here, because it always first asks for the passphrase for the partition /dev/sda8, which is on the disk as the Mageia encrypted /home partition. It is important to note that Mageia uses the cipher aes-xts-benbi, which is NOT RECOGNIZED by the Ubuntu text installer and appears to be the problem.
But also, why is the installer asking for the passphrase of an encrypted partition that's not one of the encrypted partitions created in the installer?

Anyway, when it asks for the passphrase for the Mageia encrypted /home partition (/dev/sda8), I enter the passphrase, but it keeps asking for the passphrase as if it were an invalid one. The issue is that it isn't able to recognize a partition created with the cipher aes-xts-benbi; it gets stuck there and never moves on to the encrypted partitions that were created in the installer.

Thus making it impossible to continue the installation with encrypted partitions.

Pedro (simplew8) wrote :

Forgot to say that in my POV the biggest problem is that the installer asks for passphrases for encrypted partitions that already exist on the disk. That should not happen; it should only handle (and ask passphrases for) the encrypted partitions that are created during the install process.

This way it would be irrelevant whether or not the installer supports other ciphers.
Still, it would be better if the installer could also handle the benbi cipher since it's the most secure; please refer to http://www.ody.ca/~dwhodgins/Luks-Howto.html#Changelog

Pedro (simplew8) wrote :

In fact I have tried with a clean disk to install with /root, /home and swap encrypted and it proved impossible; I tried all possible scenarios and it was not possible to encrypt.

I also tried with the Debian testing CD and it also proved impossible, so this is a bug in the debian-install source.
Anyway, there's no way to install using the CD to encrypt partitions.

ietc (ietc) wrote :

Sorry I'm late.

Alternate Installer (debian-install) for Ubuntu 12.04 only supports, I think, three different ciphers: aes-cbc-plain, aes-cbc-essiv, and something else. Afraid it is not very fresh in my mind. Certainly not anything involving aes-xts-*.

This contrasts sharply with the standard desktop installer/LiveCD, which does support modern ciphers; it even comes with cryptsetup installed. However, I think it lacks support for properly creating filesystems in LUKS and LVM partitions. In my case, what I had to do was set up all the encryption, LVM, and filesystem stuff before starting the installer, including luksOpen and vgchange so that the filesystems would be fully visible to the installer. (In order to access the LVM stuff, I had to "apt-get install lvm2".) Afterward, before I rebooted out of the LiveCD environment, I mounted the partitions for the new install, chroot into it, then "apt-get install cryptsetup" (and "apt-get install lvm2") and manually set up "(/target)/etc/crypttab".

(Dealing with a grub-efi was a different frustrating issue.)
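
The manual route described in the comment above (set up LUKS, LVM and filesystems from the LiveCD before starting the installer, then add cryptsetup, lvm2 and /etc/crypttab to the target from a chroot), written out as an added example that is not part of this thread or of the installer. The aes-xts-plain64 cipher, the names cryptroot and vg0, the 2G swap size, the bind mounts and the final update-initramfs are assumptions; commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the bug thread). Source this file, then call prepare / finish.
# DRY_RUN=1 (default) prints each command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
MAPPER="${MAPPER:-cryptroot}"   # assumed device-mapper name
VG="${VG:-vg0}"                 # assumed LVM volume group name

run() {  # print the command; execute it only when DRY_RUN is not 1
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# Before starting the installer: create and open the container, build LVM and filesystems.
prepare() {  # $1 = partition to encrypt (destroys its contents when DRY_RUN=0)
    run apt-get install -y lvm2
    run cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 "$1"
    run cryptsetup luksOpen "$1" "$MAPPER"
    run pvcreate "/dev/mapper/$MAPPER"
    run vgcreate "$VG" "/dev/mapper/$MAPPER"
    run lvcreate -L 2G -n swap "$VG"
    run lvcreate -l 100%FREE -n root "$VG"
    run vgchange -ay "$VG"
    run mkswap "/dev/$VG/swap"
    run mkfs.ext4 "/dev/$VG/root"
}

# crypttab fields: <mapping name> <source device> <key file> <options>
crypttab_line() {  # $1 = mapping name, $2 = LUKS UUID (cryptsetup luksUUID DEV)
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# After the installer finishes, before rebooting out of the LiveCD environment.
finish() {  # $1 = encrypted partition, $2 = /boot partition, $3 = target mount point
    run mount "/dev/$VG/root" "$3"
    run mount "$2" "$3/boot"
    for d in dev proc sys; do run mount --bind "/$d" "$3/$d"; done
    run chroot "$3" apt-get install -y cryptsetup lvm2
    if [ "$DRY_RUN" = "1" ]; then uuid="<LUKS-UUID>"; else uuid=$(cryptsetup luksUUID "$1"); fi
    echo "+ write $3/etc/crypttab: $(crypttab_line "$MAPPER" "$uuid")"
    [ "$DRY_RUN" = "1" ] || crypttab_line "$MAPPER" "$uuid" > "$3/etc/crypttab"
    # Assumption, not mentioned in the comment: rebuild the initramfs so it picks up crypttab.
    run chroot "$3" update-initramfs -u
}
```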
