Sunday, June 29, 2008

Fedora 9 & Acer Aspire 5572 ZWXMi with encrypted file systems

This HOWTO is listed at
TuxMobil - Linux on Laptops, Notebooks, PDAs and Mobile Phones

A year has passed since installing Ubuntu Feisty on my Acer Aspire 5572 notebook and it was about time to try something new. With recent Linux distributions a lot of manual configuration tasks are not necessary anymore and things became even easier. There is no big difference between installing Ubuntu Feisty or a current Hardy on this laptop, except with Hardy almost everything works out of the box. But I wanted to try something different and I wanted encrypted file systems which are easy to set up. Fedora 9 has those features so I gave it a try. (Of course this would be possible, too with Ubuntu, but Fedora comes with an installer which handles file system encryption very nicely.) So here's my HOWTO on installing Fedora 9 with encrypted file systems on an Acer Aspire 5572 ZWXMi notebook.

If you have sensitive data on your notebook you might feel a bit safer with encrypted file systems. If you want to access encrypted file systems you have to enter the correct passphrase otherwise the data on that file system is not readable.
Of course there is a solution for Linux which is called LUKS (Linux Unified Key Setup). The Fedora installer anaconda features an easy way to set up this file system encryption. In the example given here, with the exception of "/boot", everything will be encrypted and thus you need to enter your LUKS passphrase at every boot to enter the "/" file system. Of course you may choose to encrypt "/home" or a data partition only. Then you would be able to boot without passphrase (but loosing access to those encrypted file systems). No matter what you choose to encrypt, be aware that you need to have a correct passphrase to access your data!

WARNING: WHEN USING ENCRYPTED FILE SYSTEMS, YOUR DATA WILL BE LOST WITHOUT CORRECT PASSPHRASE!!!

Keeping this in mind we can now continue. First of all download Fedora 9 from here. I'd recommend the Fedora Desktop Live CD. There will be a lot of updates right after installation and this way you'll only have a minimum amount of software installed and you're free to install everything you need after updating the initial installation. (I'd stay away from the KDE version, as it comes with KDE 4 which is not really ready for everyday use - believe me...)

Once the iso is downloaded and burned to CD you're ready to boot from this CD, which will bring you to a standard Fedora 9 GDM login screen. Choose your language there, log in and start the Fedora anaconda installer by double clicking the desktop icon. This will lead you through some simple questions like keyboard layout, timezone, host name and root password. When it comes to the partitioning your hard disk part, we need to do some custom layout, which you should choose from the drop down menu.


First, generate a small partition which is not encrypted for "/boot". I'd make it at least 100MB, but if space is no matter I'd give it some 250-500MB. This leaves room for a lot of kernels.


Then create a volume via LVM (Logical Volume Manager) which will later incorporate our logical volumes for "/", etc. So, create a new partition and choose "physical volume (LVM)" as file system type. I chose to use the remaining disk space as I didn't intend to install other OSes, but that depends on what you're planing. Don't forget to check "Encrypt"! After clicking "OK" you will be prompted for a password. Rember that password carefully, as you won't be able to access your encrypted data with out it!!!


So for now we have an empty volume group which we need to fill with logical volumes. To do so, highlight the volume group and click the "LVM" button. This will present a new screen which shows the physical partitions of this volume group at the upper part, and the incorporated logical volumes at the bottom. Well, the latter part should be empty, but we'll change this by hitting the "Add" button. You can now choose mount point, file system type and size. I created a 2048MB swap space, and two very large ext3 logical volumes for "/" and "/home" - but that's up to you!


When finished, click "OK" and you can then see the summery of what will be written to your disk. It may look something like this next screenshot.


We now created an encrypted physical volume (marked with the "lock") in which our logical volumes (like "/") reside. Click next and you need to confirm that those changes are written to disk. When everything is formatted Fedora will install files. After this the installer should tell you, that Fedora was successfully installed and it's time to reboot. Be careful not to boot from the Fedora Live CD again! On first boot, Fedoras assistant will come up, asking some simple questions and letting you create a user for your system. We now have Fedora 9 successfully installed!

Most things like screen resolution, sound and even standby and hibernating work out of the box. Again (like with Ubuntu Feisty), I have no idea if the card reader works, as I don't use it. There's one thing we need to put hands on: WLAN. But first, I'd recommend updating everything. For both tasks we need a wired internet connection for now. If internet connection is established and working, open a terminal, become root, update yum, drop to runlevel 3 and update the rest:
su -
yum update yum
init 3

(login again)
su -
yum update

This could take a while. When done reboot:
shutdown -r now

Now let's get our WLAN working! I found some very useful help at the Unofficial Guide to Fedora.

Make sure "b43-fwcutter" is installed:
rpm -qa | grep b43-fwcutter

If nothing is returned then install it by
su -
yum install b43-fwcutter

Create a temporary folder or just go to /tmp or whatever you like, download, extract and install the firmware:
cd /tmp
wget http://downloads.openwrt.org/sources/broadcom-wl-4.80.53.0.tar.bz2
tar -jxvf broadcom-wl-4.80.53.0.tar.bz2
su -
cd /tmp/broadcom-wl-4.80.53.0/kmod
/usr/bin/b43-fwcutter -w /lib/firmware wl_apsta.o

Restart NetworkManager by
su -
service NetworkManager restart

and you're ready to configure your WLAN via the NetworkManager applet at the top right of your screen!

If you don't need to access your laptop via ssh, I'd turn ssh daemon off (I found sshd enabled by default when installing from DVD, not when installing from Live CD. But just to make sure):
su -
service sshd stop
chkconfig --level 0123456 sshd off

And delete the corresponding firewall rule: SYSTEM -> ADMINISTRATION -> FIREWALL. Go to "Other Ports", delete "ssh" and click apply.


That's about it! You may add some extra yum repositories, like livna.org. Download the "Fedora 9 repository RPM" and install it via
su -
rpm -ihv /path/to/livna-release-9.rpm

Once installed, you can easily add MP3 support with
su -
yum install gstreamer-plugins-ugly libmad libid3tag id3v2

Have a look at the Unofficial Guide to Fedora for further tips and tricks.
You're done now. Have fun!

1 comment:

  1. [...] Recent public urls tagged "filesystems" → Fedora 9 & Acer Aspire 5572 ZWXMi with encrypted file systems [...]

    ReplyDelete