Militantly FREE software support.
Militantly FREE software support.
NavigationUser loginLinux NewsClick the above for your daily dose of Linux news. Food for ThoughtWindows Error: 002 - No error yet ... Spam?See spam posts on this site? If so, please don't reply to the spam! Instead, just report the URL to the webmaster. |
dmcrypt on an existing partition (firewire external disk)On Fri, Nov 30, 2007 at 11:37:52AM +0100, Andrew Henry wrote: nice guide. it was definitely part of my list of open tabs when I was A Bookmark/Search this post with: 
|
• Debian Weekly News - Essential reading for any Debian fan. • Documentation - Debian's own authoritative documentation, including installation docs. • FAQ - Got questions about Debian GNU/Linux? • From Windows to Debian - Tips for converting from Windows to Debian GNU/Linux • Package of the Day. • Security - Security information and alerts! • Bug System - Bug tracking and instructions on reporting bugs. • CD Images - Where/how to get Debian GNU/Linux CD images. • Mailing List Subscription - Dozens of Debian-specific support mailing lists! • Mailing List Archives - Searchable archives of Debian's mailing lists. • Free Software Guidelines - Learn Debian's idea of what "free" software really is. • Package Listings - A very valuable tool: searchable, integrated with bug reports. • Apt-Get Sources - Sources for *.debs which are not official Debian packages. • Backports - Unofficial new software packages that have been "back-ported" to work with the Debian stable/official release. • Developer's Corner - Info about the people behind Debian, policies, and how to package *.deb files.
dmcrypt on an existing partition (firewire external disk)
Andrew Sackville-West wrote:
> nice guide. it was definitely part of my list of open tabs when I was
> setting up my encrypted laptop. He's got some other good ones there as
> well.
>
> A
>
Somethings broken :(
I followed the guide to the letter, and it all seemed to work
wonderfully. Then the pain began when I started to move my files back
to the encrypted volume. What a performance killer! It's eating 90%
CPU and it takes *forever*, because it keeps 'hanging'. If I switch
focus to another window, then kcryptd/0 and kjournald stop working (they
are the processes taking 90%). If I shut laptop lid (set to blank
screen) then they stop working. If the screensaver activates, then they
stop working. When they stop (zero percent CPU) then the disk activity
stops as well.
When I run scp from a ethernet attached laptop then scp says:
ubuntu-7.10-alternate-amd64.iso 86% 684MB 2.9MB/s
-stalled-
and as you can see by the transfer rate, it is nowhere near the 11MB/s I
was getting consistently before encrypting.
Is this normal write performance? Can the "terminal loses focus: copy
suspends" behaviour be fixed? I have not tested read performance yet,
but I expect and hope that it will be more normal.
--andrew
--
GnuPG Key ID: ECB18ABA
Fingerprint: FDF3 91FC F5BC 1164 E217 315E 337E 219B ECB1 8ABA
--
GnuPG Key ID: ECB18ABA
Fingerprint: FDF3 91FC F5BC 1164 E217 315E 337E 219B ECB1 8ABA
dmcrypt on an existing partition (firewire external disk)
On Wed, Nov 28, 2007 at 09:30:10PM +0100, Andrew Henry wrote:
> I have a big disk that I cannot backup due to space constraints and want
> to encrypt it. It is an ext3 external WD MyBook drive. I keep movies
> music and backups on there so its nothing I cannot lose, but I would
> hate to spend time ripping all my CDs and DVDs again.
you may have to, assuming you don't want to spend the money on another
drive.
>
> I run Debian Etch on the laptop it is attached to and I mount the MyBook
> manually, not relying on automounting.
>
> Is it as "simple" as running the following:
>
> cryptsetup create root /dev/sda1 -v -y -c aes-cbc-essiv:sha256 -h sha1 -s 128
>
> dd if=/dev/sda1 of=/dev/mapper/root bs=512 skip=0 seek=0.
it would be that simple if you really wanted to wipe your disk...
to my knowledge, you cannot "convert" a drive, you have to move
everything off of it. One really kludgey solution, provided the sizes
are appropriate, is to kill *part* of the drive leaving enough space
to add a partition to store the data and then convert half the disk at
a time. But then you'll end up with two encrypted partitions, which
may not be what you want.
>
> Do I have all the tools I need in Etch? I installed Etch with encrypted LVM partition option, so
> I assume I have all I need?
yup.
It comes down to this. Backups -- if its something you don't want to
have to go through the work to replace, then you should back it
up. Even if it's something that can't be "lost" because you have
original cds lying around, is the *effort* to re-rip it all something
you don't want to "lose".
my recommendation is: pick up another drive, slap it in a cheap
IDE-USB box and copy that stuff. Then, when you're done with the
change, you'll have a lovely backup you can stick in your safe... and
you'll have a spare drive floating around for when one dies.
A
dmcrypt on an existing partition (firewire external disk)
On Sat, Dec 01, 2007 at 07:21:26PM +0100, Andrew Henry wrote:
> Sorry Andrew for double post...when I hit reply it goes to you and not the
> list, so I have now resent the mail to the list... for the second time!
The proper thing to do is Reply-to-List. I read the list and don't
need a copy sent to me directly. You are using Thunderbird -- there is
a plugin/extension for Reply-to-List. Check the archives here for
mention of it, or just poke around at mozilla.
>
> Andrew Sackville-West wrote:
>
> I honestly don't know. There *has* to be some performance hit because
> the data gets mangled before hitting the disk. I don't *notice* any
> performance hit on my laptop.
>
>
> You just gave me an idea to try this on the laptop itself. I had used scp to
> copy a file from another laptop to the newly encrypted usb disk, but I can do
> the same operation to the usb disks host laptop to see if there is a problem
> with the disk somehoe or with the software. I have not had a single issue with
> performance in the 2 years I have had this setup and now the only thing that
> changed is encrypting the usb disk. Note that my server laptop is also fully
> encrypted and there were no issues with performance of the unencrypted usb disk
> before I changed it.
Yes, eliminating the scp (and any other variables) would be a good
thing to narrow down this problem.
>
> Can the "terminal loses focus: copy
> suspends" behaviour be fixed? I have not tested read performance yet,
> but I expect and hope that it will be more normal.
>
>
>
> I would say you've got something messed up there.
>
>
> Yeah, and another thing I noticed is that when copying if I move the mouse
> pointer then it sticks every now and again for a second or so. Whether this is
> due to overloaded processor or an indication of some kind of wait event I do
> not know.
>
> I am running Debian Etch 4.0r1 which I installed last week. before that I was
> running Ubuntu 7.10 desktop without encryption.
>
> I think I need to do some more testing then do some googling etc.
yup. I wouldn't be afraid of wiping the drive and trying again as
well.
A
dmcrypt on an existing partition (firewire external disk)
Andrew Sackville-West wrote:
> It comes down to this. Backups -- if its something you don't want to
> have to go through the work to replace, then you should back it
> up. Even if it's something that can't be "lost" because you have
> original cds lying around, is the *effort* to re-rip it all something
> you don't want to "lose".
>
> my recommendation is: pick up another drive, slap it in a cheap
> IDE-USB box and copy that stuff. Then, when you're done with the
> change, you'll have a lovely backup you can stick in your safe... and
> you'll have a spare drive floating around for when one dies.
>
> A
>
Thanks for the advice. I looked around and managed to find a simple
guide for doing this the "right" way:
http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian
I will copy my files to two or maybe three other PCs I have, as I do not
have enough space on any single PC, then format the MyBook using this guide.
--andrew
--
GnuPG Key ID: ECB18ABA
Fingerprint: FDF3 91FC F5BC 1164 E217 315E 337E 219B ECB1 8ABA
dmcrypt on an existing partition (firewire external disk)
I have a big disk that I cannot backup due to space constraints and want
to encrypt it. It is an ext3 external WD MyBook drive. I keep movies
music and backups on there so its nothing I cannot lose, but I would
hate to spend time ripping all my CDs and DVDs again.
I run Debian Etch on the laptop it is attached to and I mount the MyBook
manually, not relying on automounting.
Is it as "simple" as running the following:
cryptsetup create root /dev/sda1 -v -y -c aes-cbc-essiv:sha256 -h sha1 -s 128
dd if=/dev/sda1 of=/dev/mapper/root bs=512 skip=0 seek=0.
Do I have all the tools I need in Etch? I installed Etch with encrypted LVM partition option, so
I assume I have all I need?
--andrew
--
GnuPG Key ID: ECB18ABA
Fingerprint: FDF3 91FC F5BC 1164 E217 315E 337E 219B ECB1 8ABA
dmcrypt on an existing partition (firewire external disk)
this belongs on the list...
On Sat, Dec 01, 2007 at 12:47:05PM +0100, Andrew Henry wrote:
> Andrew Sackville-West wrote:
> > nice guide. it was definitely part of my list of open tabs when I was
> > setting up my encrypted laptop. He's got some other good ones there as
> > well.
> >
> > A
> >
> Somethings broken :(
:(
>
> I followed the guide to the letter, and it all seemed to work
> wonderfully. Then the pain began when I started to move my files back
> to the encrypted volume. What a performance killer! It's eating 90%
> CPU and it takes *forever*, because it keeps 'hanging'. If I switch
> focus to another window, then kcryptd/0 and kjournald stop working (they
> are the processes taking 90%). If I shut laptop lid (set to blank
> screen) then they stop working. If the screensaver activates, then they
> stop working. When they stop (zero percent CPU) then the disk activity
> stops as well.
>
I've not seen this and my whole laptop is encrypted.
> When I run scp from a ethernet attached laptop then scp says:
>
> ubuntu-7.10-alternate-amd64.iso 86% 684MB 2.9MB/s
> -stalled-
>
> and as you can see by the transfer rate, it is nowhere near the 11MB/s I
> was getting consistently before encrypting.
>
> Is this normal write performance?
I honestly don't know. There *has* to be some performance hit because
the data gets mangled before hitting the disk. I don't *notice* any
performance hit on my laptop. I'm not in a position at the moment to
compare in the same way as you, but I did capture some speeds during
my setup. When I was wiping the encrypted partition during setup, I
got between 26 and 36 MB/s writing depending on where on the disk I
was. So I'd say what you're seeing is not typical. Note that I'm on a
pretty new laptop with halfway decent specs.
> Can the "terminal loses focus: copy
> suspends" behaviour be fixed? I have not tested read performance yet,
> but I expect and hope that it will be more normal.
I would say you've got something messed up there. Just a quick
run-down of what I've done:
1. modprobe dm_crypt sha256 aes_i586. confirmed it worked by ls -l
/dev/mapper/control
2. create the encrypted partition: cryptsetup -c aes-cbc-essiv:sha256
-y luksFormat /dev/
3. map it to a /dev/mapper/volume: cryptsetup luksOpen
/dev/ crypt-part
4. create a filesystem on /dev/mapper/crypt-part and away you go.
this is all on sid, BTW.
hth
A