From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <matt@0x01b.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id kULzMftlI1gj for <dm-crypt@saout.de>;
 Sat, 15 Sep 2012 03:10:41 +0200 (CEST)
Received: from mail-ob0-f178.google.com (mail-ob0-f178.google.com
 [209.85.214.178])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat, 15 Sep 2012 03:10:41 +0200 (CEST)
Received: by obbwd20 with SMTP id wd20so8378891obb.37
 for <dm-crypt@saout.de>; Fri, 14 Sep 2012 18:10:40 -0700 (PDT)
Message-ID: <5053D58D.5070304@0x01b.net>
Date: Fri, 14 Sep 2012 19:10:37 -0600
From: Matthew Monaco <matt@0x01b.net>
MIME-Version: 1.0
References: <50378927.7090508@gmail.com>
 <20120824144028.GB2407@fancy-poultry.org> <20120824151439.GA30694@tansi.org>
 <CAK5fS_Hf=DigoTopgUZ9FJA3QVXCre-Nn1Z0LEFL+kwRL+LtGg@mail.gmail.com>
 <20120905130125.GB11942@tansi.org>
 <CAK5fS_Ehqsmm8jSirDJ7G-ix435dxrhmEd52D_t4jLOVvk3+4w@mail.gmail.com>
 <20120906164659.GA20640@tansi.org> <20120906175309.GA1621@fancy-poultry.org>
 <20120906195810.GA24770@tansi.org>
 <CAK5fS_EtiBTgj7inr875UJ2N2s-1qY8qA4hHRxE5+0VhFXgaUA@mail.gmail.com>
 <20120907190453.GA27798@tansi.org>
 <CAK5fS_GxUKj=RgUpYA6tdKEsa-XKq6_a_=dns+L5o89h1N1V6w@mail.gmail.com>
 <504AED40.2010102@gmail.com>
 <CAK5fS_FQMWe04TG1AN30fkwLd5nVts-6ZADLk+E1TXeFJjZntQ@mail.gmail.com>
 <CAK5fS_FEvCn6vorxdFqu72J-h8F9eeu+PNY=6xA1gHOGvF1hnw@mail.gmail.com>
 <5053D531.1000508@0x01b.net>
In-Reply-To: <5053D531.1000508@0x01b.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 09/14/2012 07:09 PM, Matthew Monaco wrote:
> On 09/14/2012 06:52 PM, Stayvoid wrote:
>> Arno,
>>
>> I'm not sure that I got the idea. How to access encrypted partitions after
>> booting? And how to unmount / encrypt / temporary disable them? (I hope that
>> my terminology is clear.) In other words, what's the usage pattern?
>>
> 
> Assuming you've run luksFormat on some block device (/dev/sda2), and you're
> booted into your initrd.
> 
> # cryptsetup luksOpen /dev/sda2 root
> 
> will create a new block device at /dev/mapper/root.
> 
> So you've used the kernel device mapper to map one block device into another
> block device. You then proceed with /dev/mapper/root as if it's another other
> block device.
> 

Sorry, I meant "any other" block device.

> So you (or your distro rather) needs to do something like
> 
> # mount /dev/mapper/root /mnt
> # switch_root /mnt /sbin/init
> 
> The distribution you use will affect exactly how you configure this because it's
> not standard. (It'd be great if cryptsetup at least provided some sort of
> reference parser for /etc/crypttab, but they feel it's out of scope, so this
> standardization is being done by systemd. That said, root [and /usr] is going to
> be a little different than everything else)
>