• Bug#1033688: installation-reports: full-disk encryption partitioning ta

    From Andres Salomon@21:1/5 to dilinger@queued.net on Fri Mar 31 00:30:01 2023
    This didn't make it to the list due to attachment size. For
    attachments, see
    https://bugs.debian.org/1033688

    On Thu, Mar 30 2023 at 02:36:48 AM -04:00:00, Andres Salomon <dilinger@queued.net> wrote:
    Package: installation-reports

    Boot method: usb stick
    Image version: March 26 2023 image (https://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/debian-testing-amd64-netinst.iso)
    Date: March 30th 2023 02:30am

    Machine: Dell Latitude E7470
    Processor: Intel i5-6300U
    Memory: 16GB
    Partitions:

    Disk /dev/nvme0n1: 238.47 GiB, 256060514304 bytes, 500118192 sectors
    Disk model: Micron 2200S NVMe 256GB
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: gpt
    Disk identifier: EB75FC3A-C6E7-444E-BAB5-1255ABE5BF4D

    Device Start End Sectors Size Type
    /dev/nvme0n1p1 2048 1050623 1048576 512M EFI System
    /dev/nvme0n1p2 1050624 2050047 999424 488M Linux filesystem
    /dev/nvme0n1p3 2050048 500117503 498067456 237.5G Linux filesystem


    Output of lspci -knn (or lspci -nn):

    00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v5/E3-1500
    v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:1904] (rev
    08)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: skl_uncore
    00:02.0 VGA compatible controller [0300]: Intel Corporation Skylake
    GT2 [HD Graphics 520] [8086:1916] (rev 07)
    DeviceName: Onboard IGD
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: i915
    Kernel modules: i915
    00:04.0 Signal processing controller [1180]: Intel Corporation Xeon
    E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem
    [8086:1903] (rev 08)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: proc_thermal
    Kernel modules: processor_thermal_device_pci_legacy
    00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-LP USB
    3.0 xHCI Controller [8086:9d2f] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: xhci_hcd
    Kernel modules: xhci_pci
    00:14.2 Signal processing controller [1180]: Intel Corporation
    Sunrise Point-LP Thermal subsystem [8086:9d31] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: intel_pch_thermal
    Kernel modules: intel_pch_thermal
    00:16.0 Communication controller [0780]: Intel Corporation Sunrise
    Point-LP CSME HECI #1 [8086:9d3a] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: mei_me
    Kernel modules: mei_me
    00:16.3 Serial controller [0700]: Intel Corporation Sunrise Point-LP
    Active Management Technology - SOL [8086:9d3d] (rev 21)
    Subsystem: Dell Sunrise Point-LP Active Management Technology - SOL [1028:06dc]
    Kernel driver in use: serial
    00:17.0 SATA controller [0106]: Intel Corporation Sunrise Point-LP
    SATA Controller [AHCI mode] [8086:9d03] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: ahci
    Kernel modules: ahci
    00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI
    Express Root Port #5 [8086:9d14] (rev f1)
    Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
    Kernel driver in use: pcieport
    00:1d.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI
    Express Root Port #9 [8086:9d18] (rev f1)
    Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
    Kernel driver in use: pcieport
    00:1d.2 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI
    Express Root Port #11 [8086:9d1a] (rev f1)
    Subsystem: Dell Sunrise Point-LP PCI Express Root Port [1028:06dc]
    Kernel driver in use: pcieport
    00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-LP LPC
    Controller [8086:9d48] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-LP
    PMC [8086:9d21] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-LP HD
    Audio [8086:9d70] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: snd_hda_intel
    Kernel modules: snd_hda_intel, snd_soc_skl, snd_sof_pci_intel_skl
    00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-LP SMBus
    [8086:9d23] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: i801_smbus
    Kernel modules: i2c_i801
    00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet
    Connection I219-LM [8086:156f] (rev 21)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: e1000e
    Kernel modules: e1000e
    01:00.0 Network controller [0280]: Intel Corporation Wireless 7265 [8086:095a] (rev 59)
    Subsystem: Intel Corporation Dual Band Wireless-AC 7265 [8086:5410]
    Kernel driver in use: iwlwifi
    Kernel modules: iwlwifi
    02:00.0 Non-Volatile memory controller [0108]: Micron Technology Inc
    Device [1344:5410] (rev 01)
    Subsystem: Micron Technology Inc Device [1344:0100]
    Kernel driver in use: nvme
    Kernel modules: nvme
    03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd.
    RTS525A PCI Express Card Reader [10ec:525a] (rev 01)
    Subsystem: Dell Latitude E7470 [1028:06dc]
    Kernel driver in use: rtsx_pci
    Kernel modules: rtsx_pci


    Base System Installation Checklist:
    [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

    Initial boot: [O]
    Detect network card: [O]
    Configure network: [O]
    Detect media: [O]
    Load installer modules: [O]
    Detect hard drives: [O]
    Partition hard drives: [E]
    Install base system: [O]
    Clock/timezone setup: [O]
    User/password setup: [O]
    Install tasks: [O]
    Install boot loader: [O]
    Overall install: [O]

    Comments/Problems:


    With my first install on this machine (submitted separately with a
    cleaned up process as #1033686), I was planning to use full-disk
    encryption. However, erasing the root partition took way too long;
    after 10 mins I gave up, canceled it, hit the back button, and
    installed the machine with unencrypted partitions.

    Specifically, the wiping process to prevent meta-information leaks is
    so painfully slow that it changed my decision around system security
    of a new install. An attempt to make a new install more secure
    (guarding against meta-info leaks) resulted in an overall *less
    secure* installation (giving up on even using full disk encryption).
    I don't know if it's pulling random info from /dev/random when it
    might be better off using /dev/urandom, or there should be a message
    telling the user to wiggle the mouse/hit keys to speed up the wiping
    process, or my NVMe drive is just really slow and there should be an
    option to skip the step or what, but it seems like an important issue
    to address.

    In addition to the long wait, the (English) message for this wiping
    step is messed up; I've attached a picture. It says it is running "to
    prevent meta-information leaks from" and then what looks like a red
    upside-down exclamation mark.

    For this install, I ran a stopwatch while partman did its wiping of
    the partition. It took 23 minutes and 13 seconds to wipe a roughly
    255gb partition. That's for that step alone; the total rest of the
    install (which included installing the base system and gnome) took
    less than 10 mins including pauses for user prompts.




    /var/log/installer is attached in installer.tar.gz.



