Originally posted by zeron00
View Post
Announcement
Collapse
No announcement yet.
UEFI and Grub - 1st Boot fails; 2nd works
Collapse
This topic is closed.
X
X
-
Windows no longer obstructs my view.
Using Kubuntu Linux since March 23, 2007.
"It is a capital mistake to theorize before one has data." - Sherlock Holmes
- Top
- Bottom
-
Originally posted by Snowhog View PostWhy? Unless you do or are going to be operating your PC in a totally open environment -- people other than you will have access to your PC -- you don't need to have an encrypted /home directory.
It's not just /home that is encrypted, but everything except /boot. I'm using dm-crypt/LUKS over LVM.
- Top
- Bottom
Comment
-
The level of security one incorporates should be balanced against the actual risk one can expect to encounter. I know SteveRiley will have more to say on that. But, to each their own.Windows no longer obstructs my view.
Using Kubuntu Linux since March 23, 2007.
"It is a capital mistake to theorize before one has data." - Sherlock Holmes
- Top
- Bottom
Comment
-
Originally posted by Snowhog View PostThe level of security one incorporates should be balanced against the actual risk one can expect to encounter.
Opinions may differ on what constitutes "balance" in any specific circumstances. 4 years ago my computer was seized by the Swedish police because I downloaded music files. They had no trouble accessing my unprotected windows harddrive and the music found on it was later used as evidence against me at the trial. It's just one example of the "actual risks" that must be taken into account.
- Top
- Bottom
Comment
-
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
- Send PM
Originally posted by zeron00 View PostOpinions may differ on what constitutes "balance" in any specific circumstances. 4 years ago my computer was seized by the Swedish police because I downloaded music files. They had no trouble accessing my unprotected windows harddrive and the music found on it was later used as evidence against me at the trial. It's just one example of the "actual risks" that must be taken into account.
Originally posted by zeron00 View PostIt's common sense, in my opinion. You wouldn't leave your laptop unencrypted, would you? A stationary home computer is a bit more secure than a laptop, but it's still vulnerable. People other than you may get access to your computer even if you're keeping it at home. A burglar may get into your house (even if it's unlikely it's not impossible) or your computer can get seized by authorities (for example by a request from IFPI, or some other RIAA-like organization -- few people don't use torrent today) or some other unlikely thing may happen... It's not inconceivable. Better safe than sorry!
Volume encryption is a useful defense against theft of a computer or hard drive (when the machine is hiberated or powered off, but not when sleeping or in standby). File encryption is a useful defense against interception of individual files in transit or at rest. If you feel encryption is important, don't encrypt the entire /home subdirectory but instead use a file encryption tool and encrypt only the files/subdirectories that make sense. This is a better way to approach risk mitigation.
Originally posted by zeron00 View PostIt's not just /home that is encrypted, but everything except /boot. I'm using dm-crypt/LUKS over LVM.
Originally posted by zeron00 View PostI understand this. Although it's nice when it's pretty! And when it's tuned and all the errors and other stuff that can cause problem has been dealt with I see no reason not to use the graphical boot.
I'm not implying that this is the problem in your case -- that you understand how to use these encryption tools displays you possess knowledge beyond an absolute beginner.
Originally posted by zeron00 View PostI mean graphical mode. As soon as I type in my passphrase (in the text mode) and press 'enter' a few lines of messages appear (too quickly to read) and graphical KDM login screen is suddenly there. I've switched from LightDM back to KDM because it looks better. But before I made the changes you suggested the 1st boot didn't get so far. It didn't even display the screen where I type my passphrase, much less the login screen.
I read about plymouth in this thread but I don't really understand what it is, except that it has something to do with the graphical boot. Could it be what was causing the problem in the first place? After all, I don't experience this problem with the text boot, only with the graphical boot.
- Top
- Bottom
Comment
-
Originally posted by SteveRiley View PostI'm a security engineer, and I've concluded that encrypting home computers creates far more risk.
Originally posted by SteveRiley View PostEncrypted volumes are notoriously difficult to debug, they're fragile (relying, as they do, on a single easy-to-misplace key), and they do nothing to protect you from malware that can access your computer while running under your user account or as root.
Originally posted by SteveRiley View PostVolume encryption is a useful defense against theft of a computer or hard drive (when the machine is hiberated or powered off, but not when sleeping or in standby).
Originally posted by SteveRiley View PostIf you feel encryption is important, don't encrypt the entire /home subdirectory but instead use a file encryption tool and encrypt only the files/subdirectories that make sense. This is a better way to approach risk mitigation.
Originally posted by SteveRiley View PostI have zero experience with LVM and LUKS. So to the extent that your problems might be at least partially related to your use of these technologies, I won't have any guidance for you.
Originally posted by SteveRiley View PostThe reason to always avoid graphical boot is this: when a boot fails, people immediately begin searching Google for clues. Invariably, they find suggestions that apply to older versions of Kubuntu or Ubuntu, or suggestions that apply to completely different distributions. They valiantly attempt a blizzard of command line activity without completely understanding what's going on.
Originally posted by SteveRiley View PostHaving a text-only boot all the time ensures that you're immediately informed not only when something goes bad, but also what went bad. It helps you guide you toward more immediate and proper troubleshooting.
Originally posted by SteveRiley View Post...that you understand how to use these encryption tools displays you possess knowledge beyond an absolute beginner.
Originally posted by SteveRiley View PostThe changes I had you make in post #6 should have resulted in a pure text-mode boot, without any automatic switching to graphical mode after login. Can you please verify the behavior you're seeting?
That article you linked to is interesting. I only understand parts of it but some of the thing in it caught my attention. Here's one (the emphasis is mine):
GRUB 2 also supports passing this graphical boot screen through to the kernel at boot time as a pre-initialized linear framebuffer ("set gfxpayload=keep"). This enables the Linux kernel to start up in the preferred graphics video mode, instead of the traditional behavior of starting up in text mode and modesetting the video output afterwards. This is used by default as of Ubuntu 11.04, unless the graphics hardware is blacklisted or the previous boot failed. In Ubuntu 11.10, this is also disabled in recovery mode.
In the default case, there is no video handling in the initramfs. [...] If cryptsetup is installed, however, as is the case whenever ecryptfs-encrypted home directories are selected at install time, framebuffer handling is included in the initramfs.
- Top
- Bottom
Comment
-
similar problem here
Hi guys,
don't know if it's related to UEFI or not, but since last Moun-update, i have a very similar problem with my kubuntu 12.10. (nothing encypted)
first boot runs until writing Kubuntu 12.10 appears and the dots are working...
then text-console tty1 with login for machine.
hardware reset on case brings me to grub, where i can chose (ubuntu, ubuntu advanced, memtest etc.) if i go for ubuntu/kubuntu, then on the writing Kubuntu 12.10 with the dots appears something like i'm checking all files...
1-2 mins later restart back to grub, if i chose kbuntu again it starts normal.
so far i have done the adjustments to /etc/default/grub and the tty1 as mentioned above.
i've seen some messages while booting, if i was fast enough, it was something like winblinds - failure and while 12.10 (dots) something like kvm disabled by bios.
sorry for my bad english - if you can help: my knowledge with linux is, that i can follow orders which are given step by step
thx
ed
*edit* i switched back to former kernel and everything is working well so far.
- Top
- Bottom
Comment
-
Update.
The upgrade to 13.04 has corrected this error.
Originally posted by SteveRiley View PostThe changes I had you make in post #6 should have resulted in a pure text-mode boot, without any automatic switching to graphical mode after login. Can you please verify the behavior you're seeting?
- Top
- Bottom
Comment
Comment