From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vw0-f50.google.com (mail-vw0-f50.google.com [209.85.212.50]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 7 Mar 2010 02:27:26 +0100 (CET) Received: by vws2 with SMTP id 2so643386vws.37 for ; Sat, 06 Mar 2010 17:27:25 -0800 (PST) Message-ID: <4B9300FC.4090503@gmail.com> Date: Sat, 06 Mar 2010 20:27:24 -0500 From: Scott Castaline MIME-Version: 1.0 References: <4B9294CC.10501@gmail.com> <4B92AC30.5030304@redhat.com> In-Reply-To: <4B92AC30.5030304@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Need some suggestions on large drives List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt On 03/06/2010 02:25 PM, Milan Broz wrote: > On 03/06/2010 06:45 PM, Scott Castaline wrote: >> First, does anyone know how Fedora 12's installer installs LUKS with >> LVM2? Do they do LUKS over LVM2 or LVM2 over LUKS? > > You can (manually) configure both modes during partitioning, > the "encrypt whole system" checkbox will create partition, LUKS on it, > and over it LVM2 with root + swap LV. > > Anaconda (Fedora installer) developers decided to use aes-xts-plain > with 512 bits key (IOW AES256 in XTS mode). > Is there a way to change it to another cipher? I'm asking as I might redo my install or I might just back up all filesystems on the 1st VG and then manually do the LUKS/LVM2 prep and then restore my system. >> Finally, as mentioned in the second paragraph, I have /var as seperate >> LV which is within an encrypted VG. The LV is not additionally >> encrypted, I had to expand the LV using free space from the 1st VG. I >> did it through the GUI for LVM2. > > Not sure what's GUI - if it is system-config-lvm, it doesn't suport LUKS yet, > so you must be very careful. (and there were nasty bugs in this GUI, should > be fixed in recent version though). > Too late for the warning, I had already done it. It fails only on boot right where it starts loading mods and starting services. It goes by fairly quick so I can't catch what is above the red [FAILED] and it does not show up in any of the logs that I've been able to find. All I've been able to see is a reference about /var is busy and already mounted then under that line is the red [FAILED]. I was thinking that it's trying to do a fsck, so that's why I'm trying to do it manually. > But because LUKS have no underlying device size stored in header, > simply reactivate will reload the proper device size. > (or use cryptsetup resize command for online change). > > ... >> execute "e2fsck -VCa mapped-device", but I wasn't able to unmount the LV. > then you maybe need to run it from recovery or LiveCD. > (online resize LV is not problem, online resize FS on it - depends on configuration, > ext3 should allow online extension) > Everything seems to be ok as if I check sizes and such it comes back with all the right info, but I'm not sure if it's reporting just the LV or the filesystem. > Milan