Installing encrypted Debian in solely one partition

Help with issues regarding installation of Debian

Installing encrypted Debian in solely one partition

Postby Cambell » 2016-06-26 10:26

I am installing Debian 8.5.0 amd64 netinst and I need to fit the whole system into only one extended partition as (greedy) Windows 10 is already using 3 primary partitions for its own means (from one it boots, in other a boot manager should be stored and in the last one is for the rest of the Windows) and I need to dualboot these two Debian and Windows together.
To make things just slightly more challenging I would also like to encrypt my Debian system.
Linux distribution that I have installed on other computer (Fedora) was automatically installed in such way that would also solve my problems on this device. It has created one extended partition in which are two logical partitions. One is /boot in ext4 file system and other is LUKS encrypted LVM where rest of system is safely resides.
Therefore, my question is how should I set this up in Debian installer? When I get to partition disk should I choose manual portioning; first of all out of the free space create extended partition big enough for the whole Debian; than create /boot, swap, / (root) and maybe separate /home inside this extended partition and than configure encrypted volume where I put everything beside /boot and the extended partition itself?
I have some gasp of this in theory, although, during real installation I am rather unsure where to click and this is where I need help, so I can finally start using Debian.

Thank you in advance for any helpful tips. ;-)
Cambell
 
Posts: 4
Joined: 2016-06-26 10:12

Re: Installing encrypted Debian in solely one partition

Postby kiyop » 2016-06-26 12:52

Is the partition table really old MS-DOS type one? Isn't it GPT?
For GPT, there is no limitation for the number of primary (+ extended) partisions (up to 4).

How many internal media does the laptop have?
Which is used, BIOS boot or UEFI?

If you do not know how, why not trying without modification? The partition table may not be modified if you do not confirm (select) modification clearly.
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
User avatar
kiyop
 
Posts: 3984
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan

Re: Installing encrypted Debian in solely one partition

Postby Cambell » 2016-06-26 14:21

Unfortunately, it is the old MBR (Master Boot Record), so yeah I am limited to 4 primary partitions; or 3 primary and 1 extended partition only. :-(

I am using BIOS and my computer has only one internal disk; I should have mention that before, sorry. ;-)
Cambell
 
Posts: 4
Joined: 2016-06-26 10:12

Re: Installing encrypted Debian in solely one partition

Postby dotlj » 2016-06-27 07:39

There are a number of options here:
You could set up the free partition as encrypted for / and add a flashdisk or external device for unencrypted /boot.
I'd look at getting Windows to work with less than three partitions or seeing if it could be reinstalled using GPT instead of MBR.

I don't use Windows so do not know, but is sounds like your Windows 10 maybe using GPT, although if upgraded from Windows 7 it could be using MBR. Greedy to use 3 partitions.

Last option, install Debian and use the whole disk, remove the existing Windows partitions and create new partitions for Debian.
User avatar
dotlj
 
Posts: 599
Joined: 2009-12-25 17:21

Re: Installing encrypted Debian in solely one partition

Postby Cambell » 2016-06-28 07:52

I have played around with Partition disks part of Debian graphical install and I have found the answer!
Two partitions must be created; one big enough for the whole system and second about 550 MB small one for /boot.
First of all, create this big partition; it could be created as ext4 / (root) partition or anything else, only size matters as the format is going to be changed later. After this big partition has been created, go to create encrypted volume and choose this partition for encryption. When it is encrypted go to configure logical volume and recreate this encrypted partition into LVM and create enough logical volumes for / (root), swap /home and anything else you want to have separate and encrypted. When it is all done, just choose the correct format for all logical volumes.

Then, only /boot partition has to be created. Set it up as logical, some BIOSes might have problems to boot from logical partition, although I have had no problems with that. If it does not work for you, you can install /boot on external media such as USB stick or SD card.
There is even a video that shows this https://www.youtube.com/watch?v=7GIFF38htBs&feature=youtu.be&t=3m40s. I had seen it before but I didn't get it at first.

By following these steps whole Debian or any other GNU/Linux distribution can be created in a single extended partition; moreover, the fact that all partitions beside /boot are in one encrypted LVM brings benefit of not having to enter encryption passphrase for each partition separately as only one passphrase for LVM volume is needed.
Simply said, LVM act as secure safe in which other partition (beside /boot) are stored.


I was unsure if I should set bootable flag: on for /boot or not, so I have searched around.
Basically I have found that bootable flag is not required in Linux as GRUB boot loader finds boot without it. I decided to leave bootable flag: off and everything went fine.
Anyway, if you want to know more, you can find below more I have found about boot flag.

polemon - unix.stackexchange wrote:The boot flag is from ancient times, where you would indicate an MBR partition record as bootable, so you could indicate where the boot loader resided.

On modern OS'es this is widely unused, as the MBR consists of a minimal stage loader which bootstraps either into its own partition or jumps to another area on the disk where the boot loader code is kept. (An MBR can contain either executable code or the boot partition table among other things.)
As an example, GRUB is written into the MBR and boots whatever partition you choose.

See also this (quite small) Wikipedia page about the boot flag: en.wikipedia.org/wiki/Boot_flag

https://unix.stackexchange.com/questions/23560/what-is-the-bootable-flag-option-when-installing-a-distro/23588#23588

Seem like the answer is clear, but not always, it must necessarily work as:

Wikipedia wrote:Some modern BIOS test if the bootflag of at least one partition is set. Otherwise they ignore the device in boot-order. So even if the bootloader does not need the flag, it has to be set to start the bootcode from BIOS.[citation needed]

https://en.wikipedia.org/wiki/Boot_flag
Cambell
 
Posts: 4
Joined: 2016-06-26 10:12

Re: Installing encrypted Debian in solely one partition

Postby Ron34 » 2018-10-08 16:58

This is a related question about LVM encryption. After selecting “Passphrase” on the menu, the installer never showed me a place to enter it.

After a more-or-less successful dual-boot install from Debian-live 9.5.0 amd64-gnome+nonfree on DVD – no hiccups; GRUB boots as expected; no apparent damage to pre-existing Win7 OS; Debian logs me in and clearly recognizes uniquely-named logical partitions that I set up in the logical volume group – Debian never challenges me for the Passphrase. Since / (root) is inside the encrypted logical volume group, I expected to encounter the challenge to unlock the disk at the start of the boot.

The last time I tried anything like this was about nine years ago, so I'd appreciate some help.
Ron34
 
Posts: 3
Joined: 2018-10-08 16:35

Re: Installing encrypted Debian in solely one partition

Postby Ron34 » 2018-10-08 18:16

I may have found a partial answer to my question at https://www.debian.org/releases/stable/ ... n#di-setup . I probably selected “Use as physical volume for LVM” and then later tried to configure encrypted volumes. I see that I should have selected “Use as physical volume for encryption.”

However, the installer now will not let me delete the partition holding my logical volume group. I am worried that if I go in and delete it with another OS, I will break GRUB.

Advise, please?
Ron34
 
Posts: 3
Joined: 2018-10-08 16:35

Re: Installing encrypted Debian in solely one partition

Postby Ron34 » 2018-10-08 20:05

Too late. Now I seem to be in deep trouble. Reading other forum threads, I became convinced that I could delete the Debian partitions using Win7, then just re-install Debian. Everything went swimmingly until the GRUB install step, which failed. I completed installation without a boot loader.

Now I'm stuck on grup rescue> with no OS found.

Did the Debian installer corrupt my Windows system disk while installing GRUB?

Booted from my Live Disk and tried sudo grub-install /dev/sda . Failed.

After numerous re-installation attempts, the problem seems somehow to have been solved. Both operating systems will now boot, and Debian clearly requires the encrypted disk to be unlocked with the passphrase before anything else will load.

Scary day for me. Thanks for your indulgence.
Last edited by Ron34 on 2018-10-08 21:21, edited 1 time in total.
Ron34
 
Posts: 3
Joined: 2018-10-08 16:35

Re: Installing encrypted Debian in solely one partition

Postby p.H » 2018-10-09 07:15

I suggest that you open a new topic instead of replying to a 2-year old unrelated topic opened by someone else.
p.H
 
Posts: 631
Joined: 2017-09-17 07:12


Return to Installation

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable