Closed GoogleCodeExporter closed 9 years ago
ok, it seems like mode which I did not considered (with system encryption only
one drive is supported currently - others must be encrypted separately).
How exactly did you encrypted the system in truecrypt? (I will need to
reproduce this configuration to fix it).
Thanks for report!
Original comment by gmazyl...@gmail.com
on 28 Nov 2013 at 12:25
After the system was installed and configured (drive partitioned to 3
partitions and windows 7 installed on the first one) i used truecrypt to
encrypt the system drive along with other partitions. When you initiate the
system encryption in windows, truecrypt asks if you want to only encrypt the
system partition or the whole drive. I choose the latter option.
Original comment by fulldi...@gmail.com
on 28 Nov 2013 at 1:48
Thanks. Some modifications will be needed here because for system encryption we
now require full device parameter (not partitions). Seems this was a mistake.
Will think how to do it better for this configuration....
Original comment by gmazyl...@gmail.com
on 28 Nov 2013 at 2:45
There are other issues with this design, that need to be considered as well...
In the above scenario, the original poster encrypted multiple partitions on a
disk using what TrueCrypt calls the "WDE" feature, and Linux is running from a
different disk.
One could also have a single disk setup where one partition is encrypted with
TrueCrypt system encryption and Linux is installed on another partition on the
same disk. In this case, the tcryptOpen fails as well, with the following error:
"Cannot use device /dev/sda which is in use (already mapped or mounted)."
The mapping fails if any of the partitions /dev/sda* are already mounted, such
as in this case.
In my opinion, the most appropriate design would be:
- accept the exact partition specifier in the open command (/dev/sdaX)
- in case --tcrypt-system option is specified, read the volume header from LBA
62 on that disk, instead of the first sector of the partition
- decrypt the header and ensure that the requested partition is covered by the
master key scope
- map /dev/sdaX as requested by the user
Cheers!
Original comment by y...@indiatimes.com
on 2 Dec 2013 at 10:23
Should be fixed by commit
http://code.google.com/p/cryptsetup/source/detail?r=c57071a43a0d43d08faed85faaaf
39ad04e68797
which allows to use partition as a parameter with system encryption.
Please test git version if you can, thanks.
BTW "Cannot use device /dev/sda which is in use (already mapped or mounted)."
if other partition is in use was fixed already in previous versions.
Original comment by gmazyl...@gmail.com
on 7 Dec 2013 at 11:09
Original comment by gmazyl...@gmail.com
on 7 Dec 2013 at 11:10
Both scenarios verified successfully with git snapshot taken on 12/09/2013.
Details are documented under issue 188.
Thanks!
Original comment by y...@indiatimes.com
on 10 Dec 2013 at 7:17
This just landed in fedora 20 , everything works as expected!
Thanks a bunch!
Original comment by fulldi...@gmail.com
on 23 Dec 2013 at 9:05
Original issue reported on code.google.com by
fulldi...@gmail.com
on 27 Nov 2013 at 9:21