SSD cache breaks Anti Evil Maid completely
2,357 views
Skip to first unread message
Swâmi Petaramesh
Jan 3, 2017, 10:04:24 AM1/3/17
to qubes-users
Hi,
I added an SSD cache to my Qubes installation, following Eric Shelton's
instructions :
https://groups.google.com/forum/#!msg/qubes-users/ArHTEeQAH8A/r9zzY0DLBQAJ
It worked smoothly and well, and I can immediately see that my system
became much faster and responsive.
On the other hand, it completely broke my Anti-Evil-Maid installation.
Once the SSD cache is configured per instructions, if I try to boot with
AEM, it exits immediately to an emergency shell in initramfs,
complaining that it has found the root FS to be unexpectedly unencrypted
- most probably because AEM is unable to figure out the LVM cache setup
properly.
Uninstalling an reinstalling AEM after the cache is setup, unfortunately
doesn't help.
So I had to trade AEM for an SSD cache (which, in my own use case, is
not dramatically critical, anyway AEM didn't work properly on my HP
system...)
But I wanted to document this to the list : SSD cache works plain good,
but breaks AEM.
ॐ
--
Swâmi Petaramesh <sw...@petaramesh.org> PGP 9076E32E
I added an SSD cache to my Qubes installation, following Eric Shelton's
instructions :
https://groups.google.com/forum/#!msg/qubes-users/ArHTEeQAH8A/r9zzY0DLBQAJ
It worked smoothly and well, and I can immediately see that my system
became much faster and responsive.
On the other hand, it completely broke my Anti-Evil-Maid installation.
Once the SSD cache is configured per instructions, if I try to boot with
AEM, it exits immediately to an emergency shell in initramfs,
complaining that it has found the root FS to be unexpectedly unencrypted
- most probably because AEM is unable to figure out the LVM cache setup
properly.
Uninstalling an reinstalling AEM after the cache is setup, unfortunately
doesn't help.
So I had to trade AEM for an SSD cache (which, in my own use case, is
not dramatically critical, anyway AEM didn't work properly on my HP
system...)
But I wanted to document this to the list : SSD cache works plain good,
but breaks AEM.
ॐ
--
Swâmi Petaramesh <sw...@petaramesh.org> PGP 9076E32E
Andrew David Wong
Jan 3, 2017, 4:40:39 PM1/3/17
to Swâmi Petaramesh, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thanks for the report! Added:
https://www.qubes-os.org/doc/anti-evil-maid/#known-issues
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYbBpLAAoJENtN07w5UDAwwakP/1lk5JU3mI5G35I4m+Df1MV6
XJmh0BndXXT/okyKRQVqCj0A/8whU9zZ7dEddKhGa9njJuEIn3gLlG7DiknxAKtf
P+wa2OlhKeY5+y2v3fMqxZvjgdOlJIEsOdSc40tJXLxidqY9huE2vlkRvxrj+6Zp
4rcn932Qg+22GMjdor/e+cRAaVAhebdzoTtYDbo3OokXMF0rze6B1NpRsyzKW7iF
uBSqMt6Xxmm4cVBbnXtehdubFDETJvxdZ+oRVOwir7hPK+xhc4bCv6EbZDL9BmZA
5hYJ5sHkcGR7BT5f1ShDZWk5hrvSNk5JmiCZTxXxeEGOrDcd/H/DtcCp2/0Xpc7n
ZZBQyXunfnIx/kmFCudzpgOwWV01hl6FXzjQFb17TT918/66U2Z+ZIO8H/qAzF83
sibHRJtQ9uR22tT0ZLios7Kx+p0TKGAGjC+pApf2MXunFsVTaCzFi8NQTyvTR87B
cnlagAdo+6hsInBo37VAZOo8AzP8+L5TntOOsLiPp8T+6DvYmmYr+0P2y7C/Mg42
NOB6xOHVk1dQzkpPIW50bZWkpX8uCWFQKLFK8fp59TXPdYdYU1lLhDkhjaqnK1sD
xKjKQ53Tiqb6ALJt3fa1YOUwD7Fez3pC7gXx5DPQhHQTfrHj5rJdbMr0BGAAH1xJ
aBkr+BVJPo3hb1Lv97rG
=uxnl
-----END PGP SIGNATURE-----
Hash: SHA512
https://www.qubes-os.org/doc/anti-evil-maid/#known-issues
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYbBpLAAoJENtN07w5UDAwwakP/1lk5JU3mI5G35I4m+Df1MV6
XJmh0BndXXT/okyKRQVqCj0A/8whU9zZ7dEddKhGa9njJuEIn3gLlG7DiknxAKtf
P+wa2OlhKeY5+y2v3fMqxZvjgdOlJIEsOdSc40tJXLxidqY9huE2vlkRvxrj+6Zp
4rcn932Qg+22GMjdor/e+cRAaVAhebdzoTtYDbo3OokXMF0rze6B1NpRsyzKW7iF
uBSqMt6Xxmm4cVBbnXtehdubFDETJvxdZ+oRVOwir7hPK+xhc4bCv6EbZDL9BmZA
5hYJ5sHkcGR7BT5f1ShDZWk5hrvSNk5JmiCZTxXxeEGOrDcd/H/DtcCp2/0Xpc7n
ZZBQyXunfnIx/kmFCudzpgOwWV01hl6FXzjQFb17TT918/66U2Z+ZIO8H/qAzF83
sibHRJtQ9uR22tT0ZLios7Kx+p0TKGAGjC+pApf2MXunFsVTaCzFi8NQTyvTR87B
cnlagAdo+6hsInBo37VAZOo8AzP8+L5TntOOsLiPp8T+6DvYmmYr+0P2y7C/Mg42
NOB6xOHVk1dQzkpPIW50bZWkpX8uCWFQKLFK8fp59TXPdYdYU1lLhDkhjaqnK1sD
xKjKQ53Tiqb6ALJt3fa1YOUwD7Fez3pC7gXx5DPQhHQTfrHj5rJdbMr0BGAAH1xJ
aBkr+BVJPo3hb1Lv97rG
=uxnl
-----END PGP SIGNATURE-----
Message has been deleted
motech man
Jun 20, 2017, 9:35:55 PM6/20/17
to qubes-users
On Tuesday, June 20, 2017 at 8:34:51 PM UTC-5, motech man wrote:
> I'm new to qubes but in my seaches to get up to speed (seems like I'll never see the light of day again after starting down the Qubes rabbit hole!) I noticed this post and when researching what AEM is found this on the Qubes website:
>
> o - If you are using LUKS with LVM, you must encrypt the whole volume group
> instead of each volume, or else AEM will fail to boot.
>
> Could this be why your AEM no longer works? Just a thought, disregard if not applicable. That same qubes web page also says AEM requires legacy boot, which I will not use. Shame, AEM sounds useful, tho I suspect UEFI may be better. NOt sure how TPM fits into this yet, one more thing to find out about. My mobo supports it being bleeding edge new.
> I'm new to qubes but in my seaches to get up to speed (seems like I'll never see the light of day again after starting down the Qubes rabbit hole!) I noticed this post and when researching what AEM is found this on the Qubes website:
>
> o - If you are using LUKS with LVM, you must encrypt the whole volume group
> instead of each volume, or else AEM will fail to boot.
>
> Could this be why your AEM no longer works? Just a thought, disregard if not applicable. That same qubes web page also says AEM requires legacy boot, which I will not use. Shame, AEM sounds useful, tho I suspect UEFI may be better. NOt sure how TPM fits into this yet, one more thing to find out about. My mobo supports it being bleeding edge new.
Forgot to post the link to the qubes article: https://github.com/QubesOS/qubes-antievilmaid/tree/master/anti-evil-maid
Reply all
Reply to author
Forward
0 new messages