Setting up a LUKS partition to use a USB key

I'm playing with an old netbook I've been given, essentially practicing for when I get a new desktop. Anyway, I want to install Arch on a LUKS encrypted partition and have it unlocked at boot time using a key located on a USB key.
This is what I did first time round and whilst the root partition is indeed encrypted I'm having to type a passphrase every boot:
loadkeys uk
lsblk
gdisk /dev/sda
output should eventually look like:
Command (? for help): p
Disk /dev/sda:
Logical sector size: 512 bytes
Disk identifier (GUID):
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number Start (sector) End (sector) Size Code Name
1 2048 8191 3.0 MiB EF02 BIOS boot partition
2 8192 1032191 500.0 MiB 8300 boot
3 1032192 8300 root
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda3
enter a passphrase twice here
cryptsetup open /dev/sda3 ARCHROOT
mkfs.ext4 /dev/sda2
mkfs.btrfs /dev/mapper/ARCHROOT
mount /dev/mapper/ARCHROOT /mnt
cd /mnt
Would I need to
cryptsetup luksAddKey /dev/sda3 /path/to/keyfile
after the first cryptsetup step? If so, can the live Arch environment mount USB drives at this point in the installation process?

frostschutz wrote: Do you have a backup of those headers, then? Kinda sucks to lose all your data to a faulty USB key.
hehe, yes several USB keys and other secure storage.
frostschutz wrote: Security-wise it shouldn't matter: if someone can modify my initramfs, they can also modify my Grub.
The other thing I forgot to mention is that my USB stick is also my boot device. There's no Grub or any other bootloader on the target systems to mess with. If started without the key, they just say "operating system not found". Even if someone got hold of the USB stick, as a last line of defence, all the keys and headers that Grub needs (as well as the Grub boot config) are stored on an encrypted partition on the USB stick that requires a passphrase to unlock.
frostschutz wrote:
I can pull my USB stick as soon as Grub is done loading the kernel and initramfs, i.e. the moment kernel messages start to appear. The keys and all are part of the initramfs, so the USB stick is no longer necessary.
Basically, it's this method: https://wiki.gentoo.org/wiki/Custom_Ini … ed_Keyfile and the first example here: https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples
That Gentoo example doesn't use systemd. I wanted to use the native systemd functionality as much as possible. My initramfs opens what's necessary for boot (essentially the root filesystem) and the main early-boot does everything else. I wanted to use the standard /etc/fstab and /etc/crypttab and allow systemd to sort everything out, but I encountered the dependency problem. I have a very simple workaround for it, however.
I'll just add to that as well that the systemd issue is only on systems where the initramfs is insecure and, therefore, cannot contain keys. Those systems with the initramfs on an encrypted filesystem don't need the usb key to unlock the rest of the encrypted filesystems because the keys are in the encrypted initramfs. They only need the USB key to unlock the root. I cannot secure the initramfs on some systems because of the way they boot (specifically, non-x86 boxes that cannot use Grub or are unable to boot off arbitrary devices).
Last edited by starfry (2015-02-07 14:09:29)
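As an added example (not code from starfry's post, from frostschutz, or from the Arch hooks), the script below does the steps the post asks about: it creates a keyfile on the USB stick, enrols it as a second key slot next to the passphrase with luksAddKey, proves the new slot opens the container, and prints the cryptdevice=/cryptkey= kernel parameters that make the mkinitcpio encrypt hook read the keyfile at boot. The live Arch environment can mount the stick like any other partition, so this can be run right after luksFormat. The partition label KEYUSB, the mount point /mnt/keyusb, the keyfile path /root.key, the device /dev/sda3 and the mapper name ARCHROOT are assumptions for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Enrols a keyfile kept on a USB
# stick as a second LUKS key slot and prints the kernel parameters the mkinitcpio
# 'encrypt' hook needs to use it. Assumed (not from the page): the stick has an
# unencrypted partition labelled KEYUSB, mounted at /mnt/keyusb while installing,
# the keyfile is /root.key on it, and the root container is /dev/sda3 -> ARCHROOT.
set -eu

LUKS_DEV=${LUKS_DEV:-/dev/sda3}
MAPPER_NAME=${MAPPER_NAME:-ARCHROOT}
KEY_LABEL=${KEY_LABEL:-KEYUSB}        # assumed label of the key partition
KEY_MOUNT=${KEY_MOUNT:-/mnt/keyusb}   # assumed mount point of that partition
KEY_PATH=${KEY_PATH:-/root.key}       # assumed keyfile path relative to that partition
KEY_BYTES=512                         # 384 random bytes, base64-encoded: 3072 bits, 512 chars

# gen_keyfile FILE: 512 printable, newline-free characters, readable by root only.
# base64 (with wrapping stripped) guarantees no newline byte, so nothing is silently
# dropped whether cryptsetup reads the file via --key-file or as a piped passphrase.
gen_keyfile() {
    ( umask 077; head -c 384 /dev/urandom | base64 | tr -d '\n' > "$1" )
}

# check_keyfile FILE: refuse a keyfile of the wrong length or one containing a newline.
check_keyfile() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -ne "$KEY_BYTES" ]; then
        echo "check_keyfile: $f is $size bytes, expected $KEY_BYTES" >&2
        return 1
    fi
    newlines=$(tr -cd '\n' < "$f" | wc -c | tr -d ' ')
    if [ "$newlines" -ne 0 ]; then
        echo "check_keyfile: $f contains $newlines newline byte(s); a piped passphrase would be cut there" >&2
        return 1
    fi
    return 0
}

# enrol_keyfile: add the keyfile as a new key slot (cryptsetup asks for an existing
# passphrase), prove the new slot opens the container, and back up the header.
enrol_keyfile() {
    keyfile=$KEY_MOUNT$KEY_PATH
    check_keyfile "$keyfile"
    cryptsetup luksAddKey "$LUKS_DEV" "$keyfile"
    cryptsetup open --test-passphrase --key-file "$keyfile" "$LUKS_DEV"
    # a lost USB key is survivable while the passphrase slot exists; a damaged
    # header is not, so keep a copy of it somewhere other than the stick
    cryptsetup luksHeaderBackup "$LUKS_DEV" --header-backup-file /root/luks-header-backup.img
}

# boot_config UUID [FSTYPE]: kernel parameters for the encrypt hook.
# cryptkey=<device>:<fstype>:<path> is the hook's syntax for a keyfile on another
# filesystem; the initramfs must carry the driver for that filesystem.
boot_config() {
    uuid=$1
    fstype=${2:-vfat}   # assumed filesystem type of the key partition
    printf 'cryptdevice=UUID=%s:%s cryptkey=/dev/disk/by-label/%s:%s:%s root=/dev/mapper/%s\n' \
        "$uuid" "$MAPPER_NAME" "$KEY_LABEL" "$fstype" "$KEY_PATH" "$MAPPER_NAME"
}

case ${1:-} in
    keyfile) gen_keyfile "$KEY_MOUNT$KEY_PATH" && check_keyfile "$KEY_MOUNT$KEY_PATH" ;;
    enrol)   enrol_keyfile ;;
    cmdline) boot_config "$(blkid -s UUID -o value "$LUKS_DEV")" "${2:-vfat}" ;;
    '')      ;;   # no verb: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 keyfile|enrol|cmdline [fstype]" >&2; exit 2 ;;
esac
```

Run it as `keyfile`, then `enrol`, then `cmdline` and put the printed parameters on the kernel command line; in /etc/mkinitcpio.conf the encrypt hook has to sit after block and before filesystems, and if autodetect does not pick up the key partition's filesystem driver (vfat here) add it to MODULES before rebuilding the initramfs. Without the stick the hook falls back to asking for the passphrase, which is exactly the slot the passphrase still occupies.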

Similar Messages

  • ULTRA 5 OPENBOOT serial console disabling - for the use of USB key/mouse

I've got an ULTRA 5. I installed a NEC USB PCI card in it; it works no problemo, I can use a USB keyboard and mouse under X-Windows (OpenBSD Unix). But this works ONLY if I have the classical SUN TYPE 5c keyboard attached.
Then the system boots, starts X and I can use the USB devices (keyboard/mouse) under X-Windows.
But when I unplug the SUN TYPE keyboard and start the computer, I see just a blank black screen on my monitor.
X, or anything else, does not start. The display screen is and stays blank.
I think this is because when I don't attach the SUN keyboard at startup, the system switches output to the serial port console, am I right???
Please, how can I disable this option???
I want to use just the USB keyboard/mouse. But when I start the system with no SUN TYPE keyboard, I see just a black screen. What can I do about it?

    Hello.
I could take a look at the document from SunSolve and they write you should set the input-device to ttya in OpenBoot:
ok setenv input-device ttya
Maybe in the other case the serial port will check if there is really something connected to the ttya input port. If the system works if something is connected to ttya but does not work if nothing is connected (neither keyboard nor null modem cable) this may be the case.
    Martin
    -- EDIT --
The SunSolve stuff does not modify the X-Server configuration files but they modify the file /etc/system. They add lines like this to the file:
set consconfig:usb_kb_path="/pci@1f,0/.../keyboard@1"
set consconfig:usb_ms_path="/pci@1f,0/.../mouse@2"
(Both paths are relative to "/devices" and begin with "/".)
    This will make the keyboard usable even in the console login.

  • LUKS-Partition only mountable via USB

    Hello,
I want to move from a 3.5" external USB device to a SATA port. When I take the HDD out of the USB case and connect it to the SATA port of my Cubietruck, I can't decrypt the partition anymore. Does anyone know what the problem could be?
Kind regards,
    Fabian

    https://bbs.archlinux.org/viewtopic.php?id=153431

  • Boot Camp Assistant isn't working for me. How can I get Windows on my MacBook Pro by using a USB key?

    Boot Camp won't allow me to partition the drive, and won't find the key I have Windows on.

    What happens when you try to use Boot Camp Assistant?
    You should visit the Boot Camp forum https://discussions.apple.com/community/windows_software/boot_camp.

  • How can I keep bootable partitions from showing when I want to use my USB stick without the Option key at boot up?

    I'm using a USB stick with bootable diagnostic partitions and an extra partition for diags that run in the OS. When I want to use diagnostics from this extra partition on a Mac that's already booted, I have to wait for all the bootable partitions to mount as well as the one partition that I need. Is there a way to hide these bootable partitions when using the USB drive as a storage device to run diags in the OS?
    Thanks

    I think I may have to look into a redirect line in my .htaccess file so that direct loads of my mp3s route through my website page.
    If you do this you may find iTunes won't read the files, so I should test carefully on one file first if possible.

  • A question about a Mavericks installer created on a USB key: can this be used multiple times?

    I have downloaded Mavericks on a MacBook Pro.
    Then, without installing, utilising DiskMaker X as suggested, I have created a Mavericks installer on a USB key.
    My question is that I wish to know if the above created USB installer could be used more than once to install Mavericks.
    If I put that above created USB on a MacBook Air and do the install, could I use the same USB installer on a second MacBook Air to install Mavericks OS?
    This will help in not needing to use broadband downloads where restrictions apply.
    Regards

    Thank you Lanny.
    That is great to know about Mavericks.
    Regards

  • [Solved] Problem booting root in LVM, which spans two LUKS partitions

    Hello,
    I recently switched to Arch from OpenSuse, and I'm having a bit of trouble getting my encrypted disks to boot properly. I have two disks, the first is a 4 TB drive set up like this:
    MBR partition table
    Partition 1 - Windows 7, 200GB
    Partition 2 - Linux boot, 200MB
    Partition 3 - Luks partition, 1.7TB
    Partition 4 - Luks partition, 1.7TB
    Within partition 3 and 4 is an LVM volume which spans the two partitions. The reason for that is just that I can't have a 3.4TB partition on an MBR formatted drive (as I understand it). I have the root volume and swap, etc within this LVM. The second hard drive is simply a data drive, also encrypted. My problem is that I don't know how to tell the system to open both of these encrypted partitions at boot, in order to boot the root volume. This worked fine under OpenSuse and I only needed to enter the Luks password once (it is the same for both partitions).
    As it is right now, my boot parameters in /etc/default/grub look like this:
    GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset cryptdevice=/dev/sda3:sda3_crypt root=/dev/mapper/vg_arch-root"
    Currently the system boots, asks for the password to /dev/sda3, hangs for roughly 20 seconds and then kicks me into a root prompt. I can manually open /dev/sda4 at this point using cryptsetup and the system will continue booting normally... but I would like to have it set up properly, so I don't need to do that. Considering OpenSuse does this out of the box I figured it should be possible under Arch. Any help would be appreciated.
    Thanks
    Last edited by keitolainen (2015-06-09 21:56:08)

    As a quick update in case anyone is reading this, I cleaned up the script a bit and hopefully made it something closer to a "proper" fix.
    Rather than editing /usr/lib/initcpio/hooks/encrypt directly, I did the following:
    cp /usr/lib/initcpio/hooks/encrypt /etc/initcpio/hooks/
    then changed the following section of /etc/initcpio/hooks/encrypt from:
    # Ask for a passphrase
    if [ ${dopassphrase} -gt 0 ]; then
        echo ""
        echo "A password is required to access the ${cryptname} volume:"
        #loop until we get a real password
        while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
            sleep 2;
        done
    fi
    to:
    # Ask for a passphrase
    if [ ${dopassphrase} -gt 0 ]; then
        echo ""
        # loop until the passphrase opens the first volume
        while true; do
            echo -n "A password is required to access the ${cryptname} volume: "
            read -sr password
            echo ""
            # feed the passphrase on stdin as a keyfile: printf adds no newline and the
            # quoted variable is not word-split; ${CSQUIET} may hold ">/dev/null", so the
            # command goes through eval as in the stock hook (the passphrase is not in it)
            if printf '%s' "$password" | eval cryptsetup open --type luks --key-file=- ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
                break
            fi
        done
        # the same passphrase opens the second half of the LVM volume group
        printf '%s' "$password" | cryptsetup open --type luks --key-file=- /dev/sda4 sda4_crypt
        unset password
        echo ""
    fi
    then edited /etc/mkinitcpio.conf and changed:
    FILES=""
    to:
    FILES="/etc/initcpio/hooks/encrypt"
    and ran
    mkinitcpio
    This is working well for me and I think it's a little cleaner than the solution I posted earlier. Sorry for the awkward bash, if anyone has a more elegant solution please let me know.
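As an added example (not the hook posted above, and not part of the mkinitcpio encrypt hook), the script below generalises the fix in that post: it collects one passphrase, tries it on every listed LUKS device, and only prompts again for the devices that stayed locked, so two containers sharing a passphrase cost one prompt and a third with its own passphrase gets its own. It is plain POSIX/ash shell so it can be dropped into an initramfs hook; the device names in the usage comment are constructed for the example.

```shell
#!/bin/sh
# Added example, not the hook from the thread. Collects one passphrase and tries it on
# every listed LUKS device before asking again, so containers that share a passphrase
# (the LVM-spanning layout above) cost a single prompt. Device names are constructed.
set -u

MAX_TRIES=${MAX_TRIES:-3}   # prompts before giving up, instead of looping forever

# read_secret PROMPT: read one line from the console without echoing it.
read_secret() {
    printf '%s' "$1" >&2
    [ -t 0 ] && stty -echo
    IFS= read -r secret
    [ -t 0 ] && stty echo
    printf '\n' >&2
    printf '%s' "$secret"
}

# try_open PASS DEV NAME: open DEV as NAME. The passphrase goes to cryptsetup as a
# keyfile on stdin: --key-file=- reads stdin to EOF, printf '%s' adds no newline and
# the quoted variable is never word-split, so exactly the bytes typed are used.
try_open() {
    printf '%s' "$1" | cryptsetup open --type luks --key-file=- "$2" "$3" 2>/dev/null
}

# unlock_all DEV:NAME...: returns 0 once every device is open, 1 after MAX_TRIES
# prompts. A device opened by an earlier passphrase is not asked about again.
unlock_all() {
    pending=$*
    tries=0
    while [ -n "$pending" ]; do
        if [ "$tries" -ge "$MAX_TRIES" ]; then
            echo "giving up, still locked: $pending" >&2
            return 1
        fi
        tries=$((tries + 1))
        pass=$(read_secret "Passphrase for $pending: ")
        still=
        for spec in $pending; do
            dev=${spec%%:*}
            name=${spec#*:}
            if try_open "$pass" "$dev" "$name"; then
                echo "opened $dev as $name"
            else
                still="$still${still:+ }$spec"
            fi
        done
        unset pass            # do not leave the passphrase in the shell environment
        pending=$still
    done
    return 0
}

# usage (device names constructed): unlock.sh /dev/sda3:sda3_crypt /dev/sda4:sda4_crypt
if [ $# -gt 0 ]; then
    unlock_all "$@"
fi
```

In a hook, the `unlock_all` call replaces the passphrase loop, with the second device given as an argument instead of hard-coded; the return code tells the hook whether to drop to a shell or continue to LVM activation.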

  • How to find out the non-partitioned tables using > 2 GB on Oracle

    Hi team,
    how do I find out the non-partitioned tables using > 2 GB on Oracle, where the owner is not SYS or SYSTEM?
    regards

    here's one I made earlier
    set pagesize 999
    set linesize 132
    col owner format a25
    col segment_name format a60
    select owner, segment_name, segment_type, bytes/1024/1024 "MB size"
      from dba_segments
     where owner not in ('SYS','SYSTEM','XDB','MDSYS','SYSMAN') -- edit for taste
       and segment_type = 'TABLE'   -- 'TABLE PARTITION' segments are left out
       and bytes/1024/1024 > 2000
     order by 4 asc;

  • [Solved] How to resize an encrypted luks partition?

    Edit: This worked: http://www.enigmacurry.com/2007/04/28/r … ilesystem/
    I have some empty space on my harddrive, and wish to fill it up, with my existing partition.
    This is my harddrive setup in gparted:
    And fdisk respectively:
    [ricky@archlinux ~]$ sudo fdisk /dev/sda -l
    Disk /dev/sda: 320.1 GB, 320072933376 bytes
    255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x58bd1192
    Device Boot Start End Blocks Id System
    /dev/sda1 * 63 289169 144553+ 83 Linux
    /dev/sda2 289170 195607439 97659135 83 Linux
    /dev/sda2 (the encrypted LUKS partition) contains an LVM volume group.
    I am trying to enlarge the LUKS partition to fill all of the empty space, so I can give some more space to the LVs inside the encrypted partition.
    I did come across an interesting page here: http://www.enigmacurry.com/2007/04/28/r … ilesystem/
    Is this the correct approach: deleting the WHOLE partition (not the data), and then simply creating a new partition with the same start sector and the higher end sector?
    Will that allow me to then resize my LVs inside of the LUKS partition?
    I am sorry if this is confusing.
    Last edited by xdemo (2011-03-18 07:53:35)

    jakobm wrote: Please be sure to use the BBS search: Defragment an NTFS partition from Linux
    That thread has absolutely no information other than a list of motivations to use Windows to defrag it... and a link to a buggy Python defragger.
    Here's the only bulletproof way to defrag NTFS under Linux:
    Make a new partition of the same size (or bigger), and format it to NTFS and mount it at /defragged
    Mount your fragged partition at /fragged
    rsync -av /fragged /defragged
    Voilà. /defragged is now your fragged partition, defragged. Reformat /fragged and rsync it back if you really must.
    Drives get fragmented if you do multiple copies at the same time, so don't do anything else on the drive while it's syncing.
    Last edited by dagelf (2014-08-28 07:21:54)

  • Resizing luks partition "in front"

    Hello
    I currently have the following partitioning scheme:
    # fdisk -l /dev/sda
    Disk /dev/sda: 107.1 GiB, 115033153536 bytes, 224674128 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: 0x4488c4dc
    Device Boot Start End Sectors Size Id Type
    /dev/sda1 * 63 192779 192717 94.1M 83 Linux
    /dev/sda2 192780 224674127 224481348 107G 83 Linux
    sda1 is a normal ext4 partition, sda2 is LUKS with ext4.
    I found out how I can grow a LUKS partition at the "end", but how can I get rid of sda1 and resize the LUKS partition to take all of the space?

    Growing, or resizing in general, only happens at the end. So the way to do that would be to delete sda1 & sda2 (in the partition table, that is) and create a new partition sda1 over the entire disk. Then you'd need to move the data from the old sda2 to where it ought to be, so say for example your new partition would be like:
    Device Boot Start End Sectors Size Id Type
    /dev/sda1 2048 224674127 224672080 107G 83 Linux
    That would mean sda2 used to start at 192780*512=98703360 and the new one would now start at 2048*512=1048576 -- So I guess you could move data e.g. with dd:
    dd bs=4M if=/dev/sda skip=98703360 iflag=skip_bytes of=/dev/sda seek=1048576 oflag=seek_bytes
    It should put the data of the old sda2 right in the new sda1 location, so you can use it as expected. Then you can then grow your filesystem as usual (on the end) to take all the space/partition.
    Assuming sda2 has a LUKS header, a simple way to make sure you're at the right place would be:
    dd if=/dev/sda bs=4 count=1 skip=98703360 iflag=skip_bytes
    If it's right, it should read/show "LUKS"
    Of course you should have a backup of your data before doing any of that. (Also some tools like maybe gparted or something might be able to do the whole thing "automatically" for you, I don't know.)

  • Merging/Combining Partition D into the main Partition C using Windows 7.

    Can I combine both partition C and Partition D and create a larger Partition C using Windows 7?
    I deleted the original Lenovo Recovery Partition Q, reformatted (NTFS) the unallocated empty Partition into a
    new Partition D with 13 GB of free space.  My goal is to merge Partition D (13GB) into my
    main partition C (83GB) and have a larger Partition C (99GB) thus eliminating Partition D using
    Windows 7 (ie. Disk Management etc.).
    I really don't want to download and use any 3rd party software (i.e. Partition Magic etc.) unless absolutely
    necessary.  I have previously posed this question on the T530 forums and the only recourse given was to
    use 3rd party partition software.  I am posting here as my last resort before relenting and using 3rd party software.
    BTW I have ordered from Lenovo a complete set of recovery disks for my ultimate backup and system restoration.
    Thanks,
    Altoid666
    T530, Core i7-3820QM, 16GB RAM, Intel 530 SSD 240GB, Bluetooth 4.0, Ultimate-N 6300, 15.6 FHD, Nvidia NVS 5400M. All software current.
    Windows 7 Ultimate x64 , SP1. Office 2013 Professional

    Yes, you can, BUT you should run the partitioning application from another storage unit (example: USB stick).
    Best regards.
    IPnaSh
    First Spanish Community Guru - Colaborador ad honorem

  • Luks encrypted key file as key for luks partition (two-factor auth)

    I'm trying to implement "two-factor" authentication (possession of a keyfile and knowledge of a passphrase required) using dm-crypt in order to open an encrypted root filesystem. In the past I used gpg and later openssl to decrypt a keyfile using a passphrase, which then was used by cryptsetup using --key-file to decrypt the actual data device. I'd like to ditch gpg/openssl and use only cryptsetup.
    So the idea is to create a luksFormatted key file (loop device) which, when opened using a passphrase, will be used as the key (using --key-file) to open a luksFormatted hard drive partition.
    To illustrate:
    # create and luksFormat the key container file
    dd if=/dev/urandom of=key_container bs=1M count=4
    cryptsetup luksFormat key_container
    # open the container and create a random "key" by directly writing pseudo random data to it
    cryptsetup luksOpen key_container key_device
    dd if=/dev/urandom of=/dev/mapper/key_device
    # luksFormat the data device using the random data from the luks key device
    cryptsetup -d /dev/mapper/key_device luksFormat /dev/sda1
    # later, to open /dev/sda1
    cryptsetup -d /dev/mapper/key_device luksOpen /dev/sda1 encryptedfs
    My questions:
    1. Is this a valid approach or am I making a mistake/do you see a problem somewhere?
    2. How much data from the loop device will cryptsetup use as key to format/open the data device? Everything? Is there a limit?
    3. Is there a difference between doing a
    cat /dev/mapper/key_device | cryptsetup -d -
    and
    cryptsetup -d /dev/mapper/key_device?
    4. Assuming that the answer to 1 is "no mistake/problem" and 2 is "everything there is" or even "the first x bytes", is it possible that the actual contents of the loop device may change in the future because of different loop device implementations or something else I didn't think of? I'd like to avoid bad surprises in the future.
    5. What would you recommend as the size for the key container file, knowing that the LUKS header requires some space too?
    Any feedback appreciated.
    Cheers,
    fabriceb

    I do the same ( https://wiki.gentoo.org/wiki/Custom_Ini … ed_Keyfile ).
    --key-file=- should be equivalent, but it's meant for grabbing a key from gpg output or whatever; since you can specify it directly here, there's no need to involve anything else like cat etc.
    Without --key-file=- it would stop reading at newlines or something. This behaviour is quite dangerous as it may cause people who believe they're using a long random key to use only a very short (or even empty) key instead. One way to avoid such ambiguity is to make sure there are no newline bytes in your keyfile, so it would use the whole thing in either interpretation.
    as for the key length, a key is essentially a passphrase. So it does not have to be very long at all; 8 truly random bytes would require up to 256^8 tries to break after all and with LUKS, each try takes ~1 second per physical CPU... but the smallest unit that LUKS allows is 512 bytes (1 sector) so you could just as well use the whole thing. If you use 4096 bytes, you're confusing bytes with bits somewhere... and as for bits, even 128bit AES is still considered secure...
    You could save some bytes in the initrd.gz if you initialize the container file with zeroes instead of random, so it can be compressed. The key will still be random as the random cipher key will turn the zeroes to something else after all...

  • 3 partition scheme using Lion and Winclone

    Hi All,
    I used this tutorial to set up a 3 partition scheme to my iMac (OSX Lion):
    http://forum.parallels.com/showthread.php?t=88729
    I have done everything as the tutorial instructed, but W7 won't boot anymore. I can't even select Windows anymore while booting. The tutorial also describes this, so it is not something weird.
    I followed every step of the tutorial, so I made the W7 (Boot Camp) image. But when I want to restore this image, Winclone gives an error. This is what the log file tells me:
    Mon Aug  1 23:13:34 CEST 2011: Partition is : /dev/disk0s5
    Mon Aug  1 23:13:35 CEST 2011
    Mon Aug  1 23:13:35 CEST 2011: Restoring:
    Mon Aug  1 23:13:35 CEST 2011: '/Applications/Winclone.app/Contents/Resources/winclone.perl' -restore  -copy_bcd '/Applications/Winclone.app/Contents/Resources/BCD' -disk_device /dev/disk0 -ntfs_partition /dev/disk0s5 -v -update_bootini -q -image_dir='/Users/guido/Desktop/Untitled.winclone' -gptrefresh_path='/Applications/Winclone.app/Contents/Resources' -ntfstools_dir=/Library/NTFSProgs >> ~/Library/Logs/Winclone.log  2>&1 &
    restoring.....
    getting fdisk info.....
    Use of uninitialized value $val in split at /Applications/Winclone.app/Contents/Resources/winclone.perl line 355.
    Use of uninitialized value $fdisk_start[2] in string ne at /Applications/Winclone.app/Contents/Resources/winclone.perl line 357.
    Use of uninitialized value $fdisk_start[2] in string ne at /Applications/Winclone.app/Contents/Resources/winclone.perl line 357.
    Use of uninitialized value $fdisk_start[2] in string ne at /Applications/Winclone.app/Contents/Resources/winclone.perl line 357.
    Use of uninitialized value $fdisk_start[2] in string ne at /Applications/Winclone.app/Contents/Resources/winclone.perl line 357.
    validating partition type.....
    cleaning up: Mounting Disk
    Volume BOOTCAMP on /dev/disk0s5 mounted
    Partition 5 on device /dev/disk0 is not a MS-DOS Partition!
    Mon Aug  1 23:13:37 CEST 2011
    Does someone know what to do?
    Regards! Guido

    I don't do Windoze, but Lion does not like "non-standard" Boot Camp installations, and as I understand it, that means a single OSX partition and the Boot Camp partition as set up by Boot Camp, with no changes to either partition since.  Period.
    See http://support.apple.com/kb/HT4649?viewlocale=en_US

  • How to set up a HP1102w for wireless use with iPad/Iphone etc

    Hi,
    I purchased the HP P1102w last year and it's certainly not AirPrint compatible out of the box, in fact it is very fiddly, but the following takes about 10 minutes using a Mac. The beauty of this is it works with my BT Home Hub also, and probably any wireless router including AirPort Express and Extreme, and there's no need to have your printer sat near the router or use the USB cable. My iPad 3, wife's iPad 2 and both iPhone 4s work beautifully too.
    I spent several hours before discovering this solution and eventually sorted all of this out using the following:
    Firstly you will need to go to the HP Support site and download the HP Driver Software for OS 10.7 Here:
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=bi-80684-5 &cc=uk&dlc=en&lc=en&os=219&product=4110396&sw_lang=
    Once this has been installed to the HP 1102w using the USB cable, you then disconnect the printer from the USB and, using your Mac, connect to it using Network Connections (click on the wireless icon in the menu bar). The printer should be listed here under 'devices'. (Note this will disconnect you from the internet!!!)
    Once you are connected directly and wirelessly to the printer, the blue light should stop flashing and remain constantly blue!!!
    At this point go and make a cup of tea or leave the printer for about 3-5 minutes before the next step to allow the printer to initiate and provide an IP address.
    Next stage is to print a 'Self Test / Device Configuration' sheet from the printer. Do this by holding the red X button until the green light flashes on the printer (about 10 secs); when you release, the printer should print a page with two columns on. The right hand column should state an IP address. (If the printer is 'not connected' or 'initiating', try again in a few minutes. If the IP address is 0.0.0.0 then the printer is not connected; recheck that the blue light is not flashing (it should be permanently lit).)
    Now you have the IP Address, open safari and type in the IP Address eg.... 192.254.1.87 with no http or www. just the plain IP Address.
    This should then open the control pages for the HP Printer Set up. These are green and white web pages.
    Go to the Networking Tab (Nearly there, promise)....  Click on 'Wireless' on the left hand menu and then in the new page that opens do the following:
    Change from 'AdHoc' to 'Infrastructure'
    In the next section 'Network Name (SSID)' - the name will be the HP name.... in the available network box select your home network and then press the little box that looks like this --  [<<]..... this should then change the 'current network name (SSID) to your home network (If your network is not listed just use the refresh button).
    Last stage is to change the 'Authentication'.
    Change this to WPA/WPA2 (or other if your router is set otherwise) and in the 'passphrase' box enter the security password for your router and then finally save the changes....
    After this all you then need to do is go to System Preferences on your Mac - Print & Fax and remove the HP 1102w from the list using the - sign. Then click the + button to add a new printer and hey presto you will find the HP1102w with Bonjour.... simply add it and then you can print from your Mac, iPad and iPhone with no further tinkering....
    I really hope this helps and you don't get as stressed as I did....
    Happy printing...
    Steve
    ps. Why couldn't HP just tell you this!!!!!!

    Hi pctiger92!
    The WRVS4400N is now being handled by the Cisco Small Business Support Community.
    For discussions about this product, please go here.

  • HT4053 Can I set up my new iPhone 5s using my iPad (because my work laptop won't allow me to install iTunes)?

    Can I set up my new iPhone 5s using my iPad (because my work laptop won't allow me to install iTunes)?

    No, but you do not need iTunes to set up a new iPhone 5s. Create an iCloud backup for anything you want to transfer to the new iPhone.
