I am thinking about a situation for IFL involving backup & restore of encrypted data on a secondary disk, one which can be unmounted while a Linux OS is running from the primary disk. Supposing the encrypted disk, for example, were made with LUKS/dm-crypt as the "last" layer of abstraction on top of a regular file system, or even one made with LVM, and this inner layer included separate partitions or volumes, which I would like to backup separately, instead of the entire, huge disk. This would not be an uncommon scenario.
Looking over the information in TeraByte's knowledge base, there appear at least a couple of ways to handle this backup procedure. I saw this article, http://www.terabyteunlimited.com/howto/ ... _linux.htm , showing how to add IFL separately to an existing Linux distribution. Using that method under these conditions, I could install IFL and boot into the OS normally while then having access to the OS's tools for handling LUKS. With it I then should be able to mount the decrypted disk, open the volumes using the tools of the OS, or using the LVM tools provided with IFL itself, and I could procede to backup or restore the individual partitions or volumes, whichever the case may be. It seems to me that this should work unless I am overlooking something.
Alternatively, it may be the case that I do not or cannot install IFL onto the Linux OS disk directly, but I may be able to accomplish the same thing by using an installation of IFL on a small USB flash drive. I have not seen that there is a ready-made portable version of IFL for use in this case. Nonetheless, I see no reason why I could not insert a USB disk into the machine's USB port, format it with a Linux file system, mount it from the OS and then install the IFL program to its drive. This would allow me, just like before, to have access to its functionality while I was running the machine's regular Linux OS. At this point, the procedure described above for accessing the secondary, encrypted disk would be just the same.
Either of these two approaches seems fairly straightforward. I suppose a third approach, one which might in fact have additional merit, would be to use a small USB flash drive to install an entire Linux OS, along with IFL, making sure to include just the required tools necessary for accessing the inner partions or volumes, including the LUKS/dm-crypt program since IFL already has included LVM. I could then boot the machine from this small device independently of its existing OS. This sort of method would have the additional benefit of being usable on many other machines as well.
It would be swell if IFL already included tools for working with LUKS/dm-crypt encryption. It might be worth considering now that Truecrypt is no longer supported. It appears to have been abandoned by the developers since Windows XP, on which it was used extensively, has reached the end of support too. Furthermore, from what I have seen in quite a few places, Truecrypt is probably no longer safe to use, having been compromised in its latest rendition. Even if one only used a pre-existing copy of the program, it is not being developed and maintained. It will become irrelevant soon enough.
Portable IFL media & encryption
-
TeraByte Support(TP)
- Posts: 305
- Joined: Wed Aug 31, 2011 4:22 pm
Re: Portable IFL media & encryption
As of IFL 2.90 (the current release), IFL contains the 'cryptseup' utility, which is the standard Linux command line utility to access (mount) LUKS containers. In the case of LVM volumes, there is also a 'luks-lvm' script on the boot disk, which is a menu driven utility to make the LVM volumes inside a LUKS container visible to IFL.
I'm not sure what you are referring to as a "portable" version of IFL, but the IFL boot media can be created on USB flash drives from MakeDisk, just like you can create it on optical discs. Just have one plugged in when running MakeDisk, and it will be available as a target. Once booted, it will be exactly the same IFL environment as an optical disc.
I'm not sure what you are referring to as a "portable" version of IFL, but the IFL boot media can be created on USB flash drives from MakeDisk, just like you can create it on optical discs. Just have one plugged in when running MakeDisk, and it will be available as a target. Once booted, it will be exactly the same IFL environment as an optical disc.
Re: Portable IFL media & encryption
> "As of IFL 2.90 (the current release), IFL contains the 'cryptseup' utility..."
Awesome! So, as of the last release IFL can access both dm-crypt and LVM containers on Linux file systems. That negates the point of my previous post regarding the need to add IFL to a distribution for such purpose. I was not aware of its ability to handle this kind of encryption. Where was this new feature pointed out? Is there a more extensive changelog than this one:
http://www.terabyteunlimited.com/upgrad ... -linux.htm
> "I'm not sure what you are referring to as a "portable" version of IFL..."
As in the KnowledgeBase article I referenced in previous post, I had in mind, not a bootable installation such as already exists, but an image with IFL already set up to be used by any Linux distribution simply by copying it to a small USB drive and inserting it in a machine running some Linux OS. then, instead of installing the program to this distribution such as the article described, it would be ready-made IFL program, fully featured, and capable of doing backups/restores of unmounted drives from within the running OS. Maybe this would not work as I roughly envisioned it, but I wanted to throw it out there for thought.
Awesome! So, as of the last release IFL can access both dm-crypt and LVM containers on Linux file systems. That negates the point of my previous post regarding the need to add IFL to a distribution for such purpose. I was not aware of its ability to handle this kind of encryption. Where was this new feature pointed out? Is there a more extensive changelog than this one:
http://www.terabyteunlimited.com/upgrad ... -linux.htm
> "I'm not sure what you are referring to as a "portable" version of IFL..."
As in the KnowledgeBase article I referenced in previous post, I had in mind, not a bootable installation such as already exists, but an image with IFL already set up to be used by any Linux distribution simply by copying it to a small USB drive and inserting it in a machine running some Linux OS. then, instead of installing the program to this distribution such as the article described, it would be ready-made IFL program, fully featured, and capable of doing backups/restores of unmounted drives from within the running OS. Maybe this would not work as I roughly envisioned it, but I wanted to throw it out there for thought.
-
TeraByte Support(TP)
- Posts: 305
- Joined: Wed Aug 31, 2011 4:22 pm
Re: Portable IFL media & encryption
P19 wrote:
> > "As of IFL 2.90 (the current release), IFL contains the 'cryptseup'
> utility..."
>
> Awesome! So, as of the last release IFL can access both dm-crypt and LVM containers
> on Linux file systems. That negates the point of my previous post regarding the need
> to add IFL to a distribution for such purpose. I was not aware of its ability to
> handle this kind of encryption. Where was this new feature pointed out? Is there a
> more extensive changelog than this one:
>
> http://www.terabyteunlimited.com/upgrad ... -linux.htm
Changes to the IFL boot disk itself (as opposed to the IFL program) are listed in the file boot_disk_changes.txt in the help directory of the extracted IFL zip files (Ifl_en.zip, ifl_en_gui.zip, etc.). The boot disk is not necessarily updated on every IFL release.
>
> > "I'm not sure what you are referring to as a "portable" version
> of IFL..."
>
> As in the KnowledgeBase article I referenced in previous post, I had in mind, not a
> bootable installation such as already exists, but an image with IFL already set up to
> be used by any Linux distribution simply by copying it to a small USB drive and
> inserting it in a machine running some Linux OS. then, instead of installing the
> program to this distribution such as the article described, it would be ready-made
> IFL program, fully featured, and capable of doing backups/restores of unmounted
> drives from within the running OS. Maybe this would not work as I roughly envisioned
> it, but I wanted to throw it out there for thought.
That would have to be looked into, since problems could come up depending on the distro involved. It still wouldn't be completely self contained, since IFL will still require certain packages to be installed on the distro, depending on what you're doing. These are not included with IFL, both for size reasons, and shared lib compatibility reasons.
> > "As of IFL 2.90 (the current release), IFL contains the 'cryptseup'
> utility..."
>
> Awesome! So, as of the last release IFL can access both dm-crypt and LVM containers
> on Linux file systems. That negates the point of my previous post regarding the need
> to add IFL to a distribution for such purpose. I was not aware of its ability to
> handle this kind of encryption. Where was this new feature pointed out? Is there a
> more extensive changelog than this one:
>
> http://www.terabyteunlimited.com/upgrad ... -linux.htm
Changes to the IFL boot disk itself (as opposed to the IFL program) are listed in the file boot_disk_changes.txt in the help directory of the extracted IFL zip files (Ifl_en.zip, ifl_en_gui.zip, etc.). The boot disk is not necessarily updated on every IFL release.
>
> > "I'm not sure what you are referring to as a "portable" version
> of IFL..."
>
> As in the KnowledgeBase article I referenced in previous post, I had in mind, not a
> bootable installation such as already exists, but an image with IFL already set up to
> be used by any Linux distribution simply by copying it to a small USB drive and
> inserting it in a machine running some Linux OS. then, instead of installing the
> program to this distribution such as the article described, it would be ready-made
> IFL program, fully featured, and capable of doing backups/restores of unmounted
> drives from within the running OS. Maybe this would not work as I roughly envisioned
> it, but I wanted to throw it out there for thought.
That would have to be looked into, since problems could come up depending on the distro involved. It still wouldn't be completely self contained, since IFL will still require certain packages to be installed on the distro, depending on what you're doing. These are not included with IFL, both for size reasons, and shared lib compatibility reasons.
Re: Portable IFL media & encryption
Hi, Tom.
> "...[changes] are listed in the file boot_disk_changes.txt"
I found it now. Now that I know what to look for, I will give closer attention to it from now on. I see listed in the current info two important changes affecting my system: number one fixed a problem I had during boot, as you may recall (Thank you for that, again); number four shows the integration of dm-crypt and LVM, both of which I now have need of here. Exactly what is the fifth item about?
1. Updated Linux kernel to 3.14.5. Disabled CONFIG_MD_AUTODETECT option to
prevent hang during boot on some systems. This feature not required for
boot disk operation.
2. Updated mdadm to v3.3-120-g20d430c git version (5/22/14).
3. Updated e2fsprogs and shared libs to version 1.42.10.
4. Added cryptsetup and libcryptsetup to support opening LUKS containers on
the boot disk. Also added luks-lvm script to simplify task of making LVM
volumes inside a LUKS contaner visible to the IFL program.
5. Created private version of the IFL GUI boot disk. <----------------------- ????
6. Other misc.
om.
> "...[changes] are listed in the file boot_disk_changes.txt"
I found it now. Now that I know what to look for, I will give closer attention to it from now on. I see listed in the current info two important changes affecting my system: number one fixed a problem I had during boot, as you may recall (Thank you for that, again); number four shows the integration of dm-crypt and LVM, both of which I now have need of here. Exactly what is the fifth item about?
1. Updated Linux kernel to 3.14.5. Disabled CONFIG_MD_AUTODETECT option to
prevent hang during boot on some systems. This feature not required for
boot disk operation.
2. Updated mdadm to v3.3-120-g20d430c git version (5/22/14).
3. Updated e2fsprogs and shared libs to version 1.42.10.
4. Added cryptsetup and libcryptsetup to support opening LUKS containers on
the boot disk. Also added luks-lvm script to simplify task of making LVM
volumes inside a LUKS contaner visible to the IFL program.
5. Created private version of the IFL GUI boot disk. <----------------------- ????
6. Other misc.
om.
-
TeraByte Support(TP)
- Posts: 305
- Joined: Wed Aug 31, 2011 4:22 pm
Re: Portable IFL media & encryption
P19 wrote:
> Hi, Tom.
> > "...[changes] are listed in the file boot_disk_changes.txt"
>
> I found it now. Now that I know what to look for, I will give closer attention to it
> from now on. I see listed in the current info two important changes affecting my
> system: number one fixed a problem I had during boot, as you may recall (Thank you
> for that, again); number four shows the integration of dm-crypt and LVM, both of
> which I now have need of here. Exactly what is the fifth item about?
Looking at it now, that item shouldn't be in that file. It has nothing to do with the regular released version.
> Hi, Tom.
> > "...[changes] are listed in the file boot_disk_changes.txt"
>
> I found it now. Now that I know what to look for, I will give closer attention to it
> from now on. I see listed in the current info two important changes affecting my
> system: number one fixed a problem I had during boot, as you may recall (Thank you
> for that, again); number four shows the integration of dm-crypt and LVM, both of
> which I now have need of here. Exactly what is the fifth item about?
Looking at it now, that item shouldn't be in that file. It has nothing to do with the regular released version.