• Partition Didn't Encrypt?


    Hey, so I just setup a Antergos partition, I formatted it as ext4 and setup LUKS encryption with my passphrase. When I verified the install it said the partition was to be deleted, formatted and encrypted. Anyways, when the installation finished, I booted up normally, without being prompted for a passphrase, which would lead me to believe that my partition wasn’t encrypted at all. How does this screw up and how could I fix it? I’d really appreciate the help, sort of dumbfounded, it’s like the install had a brainfart haha.

  • Hi,

    You do not format and then encrypt, it’s the other way around.

    Once you have encrypted your device, you have to open it (a new device will be created in /dev/mapper with the name you gave to it). That’s the device you have to format.

    Did you try this with the installer? Which partition did you encrypt? Root?

    Cheers!

  • Hey karasu, thanks for the response, I appreciate it! And I love the work you’ve done on Antergos, it’s my new personal favourite.

    Now, let me specify what I meant. When I said I formatted I just meant I freed up space from another partition in GParted, and then I used that free space in the Antergos installer. So what happened is that I selected the free space and edited it, went to the encryption tab of the edit menu and setup LUKS encryption. I entered the passphrase I wanted, but I didn’t give it a name (I figured the name was preference, this is perhaps where I went wrong).

    So after I setup LUKS I formatted it to ext4, everything looked good to go so I went to the next step, and on the next step it gave a checklist of how it was going to configure my filesystem. What it said is that /dev/sdf3 was going to be formatted and encrypted, it looked good so I just proceeded, and to my surprise it ended up not being encrypted at all.

    Now to answer your questions:

    Yes, this process was done with the installer.
    The partition I encrypted was root (/ ).

    Now what do you mean by /dev/mapper being created? When I ran the installation I didn’t see anything like that.

  • Hi,

    Thanks for clarification. I’ll test this myself in case this is a regression. Not many people uses the edit option to encrypt their partitions (they use the automatic option), so maybe this is a new one.

    Well…

    About /dev/mapper. /dev/mapper is a folder where “special” devices are created, most of the time are “logical” devices that do not exist per se. For instance, when you use LVM, or RAID, … and when you use LUKS, too.

    More info: http://www.sourceware.org/dm/

  • I use the encrypt partition option from the “edit” menu on all my Antergos systems (I don’t want LVM, just LUKS), but I always enter a name after the passphrase because this is the name of the LUKS volume and cryptsetup opens the volume under the /dev/mapper/<name>.

    And important point to note here is that if you are using the encrypt option in the edit menu, after the install is complete, you need to edit the fstab mount and change it from UUID=XXXXX to /dev/mapper/<name>. The installer does not do this automatically.

  • Hi,

    Then both are correct, and the issue is not entering a name. It should be mandatory when using LUKS. Thanks for pinpointing this!

    https://github.com/Antergos/Cnchi/issues/731

    And important point to note here is that if you are using the encrypt option in the edit menu, after the install is complete, you need to edit the fstab mount and change it from UUID=XXXXX to /dev/mapper/<name>. The installer does not do this automatically.

    Thanks for reporting this! But next time please do it when you detect the issue :grinning:

    https://github.com/Antergos/Cnchi/issues/732

    Cheers!

  • Awesome, I just figured if you didn’t enter a name a default one would be used and that the name was more personal preference.

    So is there anyway now that I can go back and manually encrypt, or would I be better off with a fresh installation? What’s the process for encrypting a fresh installation with the installer given these issues now, just setup LUKS with a name and password, manually configure UUID and then the installer takes care of the rest?

    Also I currently have a file named ‘control’ in my /dev/mapper/ folder (/dev/mapper/control), any idea what that is? Is my LUKS password going to be cached on my system now?

  • @karasu I had planned to report this, but forgot! Thanks for creating the issue!

    @vim Since LUKS is header based on-the-fly transparent encryption, you cannot encrypt an existing partition without reformatting it and setting it up as a LUKS partition. So yes, you will have to reinstall if you want to encrypt your root partition. Remember to fix the fstab after installing or you won’t be able to boot.

    The ‘control’ file in /dev/mapper is the Linux device mapper I/O control file. It will always be there. Nothing you should have to worry about or touch there. And you can safely reuse your previous password. It won’t be cached anywhere by the OS.

  • Alright thanks @craigacgomez !

    So after the partition page, I install, then I configure the fstab? Or do I configure the fstab before I install, just making sure because I’m about to reinstall here and I don’t want to have to reinstall a third time :sweat_smile:

  • At the end of the install, you will be asked to reboot. Click no. Then, mount /dev/mapper/<name> /somewhere. The edit /somewhere/etc/fstab and change the mount point of your root partition to /dev/mapper/<name> instead of UUID=XXXX.

encrypt2 partition16 Posts 10Views 564
Log in to reply