From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dgbaley27@0x01b.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ADsc_wSNVU0E for <dm-crypt@saout.de>;
 Sat, 15 Sep 2012 03:09:10 +0200 (CEST)
Received: from mail-oa0-f50.google.com (mail-oa0-f50.google.com
 [209.85.219.50])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat, 15 Sep 2012 03:09:09 +0200 (CEST)
Received: by oagi10 with SMTP id i10so3949586oag.37
 for <dm-crypt@saout.de>; Fri, 14 Sep 2012 18:09:08 -0700 (PDT)
Sender: Matthew Monaco <matt@0x01b.net>
Message-ID: <5053D531.1000508@0x01b.net>
Date: Fri, 14 Sep 2012 19:09:05 -0600
From: Matthew Monaco <dgbaley27@0x01b.net>
MIME-Version: 1.0
References: <50378927.7090508@gmail.com>
 <20120824144028.GB2407@fancy-poultry.org> <20120824151439.GA30694@tansi.org>
 <CAK5fS_Hf=DigoTopgUZ9FJA3QVXCre-Nn1Z0LEFL+kwRL+LtGg@mail.gmail.com>
 <20120905130125.GB11942@tansi.org>
 <CAK5fS_Ehqsmm8jSirDJ7G-ix435dxrhmEd52D_t4jLOVvk3+4w@mail.gmail.com>
 <20120906164659.GA20640@tansi.org> <20120906175309.GA1621@fancy-poultry.org>
 <20120906195810.GA24770@tansi.org>
 <CAK5fS_EtiBTgj7inr875UJ2N2s-1qY8qA4hHRxE5+0VhFXgaUA@mail.gmail.com>
 <20120907190453.GA27798@tansi.org>
 <CAK5fS_GxUKj=RgUpYA6tdKEsa-XKq6_a_=dns+L5o89h1N1V6w@mail.gmail.com>
 <504AED40.2010102@gmail.com>
 <CAK5fS_FQMWe04TG1AN30fkwLd5nVts-6ZADLk+E1TXeFJjZntQ@mail.gmail.com>
 <CAK5fS_FEvCn6vorxdFqu72J-h8F9eeu+PNY=6xA1gHOGvF1hnw@mail.gmail.com>
In-Reply-To: <CAK5fS_FEvCn6vorxdFqu72J-h8F9eeu+PNY=6xA1gHOGvF1hnw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 09/14/2012 06:52 PM, Stayvoid wrote:
> Arno,
> 
> I'm not sure that I got the idea. How to access encrypted partitions after
> booting? And how to unmount / encrypt / temporary disable them? (I hope that
> my terminology is clear.) In other words, what's the usage pattern?
> 

Assuming you've run luksFormat on some block device (/dev/sda2), and you're
booted into your initrd.

# cryptsetup luksOpen /dev/sda2 root

will create a new block device at /dev/mapper/root.

So you've used the kernel device mapper to map one block device into another
block device. You then proceed with /dev/mapper/root as if it's another other
block device.

So you (or your distro rather) needs to do something like

# mount /dev/mapper/root /mnt
# switch_root /mnt /sbin/init

The distribution you use will affect exactly how you configure this because it's
not standard. (It'd be great if cryptsetup at least provided some sort of
reference parser for /etc/crypttab, but they feel it's out of scope, so this
standardization is being done by systemd. That said, root [and /usr] is going to
be a little different than everything else)