From: Moji <lordmoji@gmail.com>
To: dm-crypt@saout.de
Cc: Ross Boylan <ross@biostat.ucsf.edu>
Subject: Re: [dm-crypt] type one password, get many
Date: Mon, 17 Aug 2009 02:14:51 +0300 [thread overview]
Message-ID: <4A8892EB.601@gmail.com> (raw)
In-Reply-To: <1250456909.10115.23.camel@corn.betterworld.us>
I do not know if this is easier, but it has come up recently in
discussions over the strength of large volumes using the same key.
You might consider making the encrypted device on the partition, and
then creating LVM over a set of encrypted devices.
I have a luks encrypted root partition, and for a long time it has
worked very well. I enter my password at boot and everything runs very
smoothly.
-MJ
Ross Boylan wrote:
> On Sun, 2009-08-16 at 21:44 +0200, Jonas Meurer wrote:
>> neither crypt keys nor passwords are stored in the initramfs. you
>> don't
>> even need cryptsetup magic in the initramfs for encrypted non-root
>> partitions. the only partition that needs to be decrypted within the
>> initramfs is the root partition.
> If I have a LUKS encrypted root partition, will things just work?
> I.e., when the initrd pivots, will I get a request for the passphrase of
> the root partition and then it will proceed to boot as normal (and read
> keys from /etc/cryptab to mount the other partitions)?
>
> If I need to do more, some pointers would be great.
>
> It would be LUKS on top of LVM on top of software RAID.
>
> I believe to convert my to encrypted I'd need to make a new LVM volume,
> create an encrypted device on top of it, and copy. Is there an easier
> way?
>
> Thanks.
> Ross
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
next prev parent reply other threads:[~2009-08-16 23:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-14 17:19 [dm-crypt] type one password, get many Ross Boylan
2009-08-14 19:09 ` Ross Boylan
2009-08-14 20:41 ` Ross Boylan
2009-08-16 19:44 ` Jonas Meurer
2009-08-16 21:08 ` Ross Boylan
2009-08-16 23:14 ` Moji [this message]
2009-08-17 14:42 ` Jonas Meurer
2009-08-15 11:39 ` Moji
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A8892EB.601@gmail.com \
--to=lordmoji@gmail.com \
--cc=dm-crypt@saout.de \
--cc=ross@biostat.ucsf.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox