Encrypted LVM partitions

Kurt Granroth plug-discuss at granroth.org
Sun Sep 17 15:15:54 MST 2006


Does anybody here have any experience with encrypted lvm partitions
mounted at system startup?  I'm running SUSE 10.1 (inside of VMware) and
I want to have an entirely encrypted system where *every* partition is
encrypted.  I am most of the way there but can't seem to get to the next
step.

Here's what I have:

/dev/sdb2 -> cryptsetup-luks -> /dev/mapper/root
/dev/sda2 -> cryptsetup-luks -> /dev/mapper/swap
/dev/mapper/system-home -> cryptsetup-luks -> /dev/mapper/home
/dev/mapper/system-shared -> cryptsetup-luks -> /dev/mapper/shared

I used the instructions on the OpenSUSE site to get the encrypted root
and swap partitions to work using a modified 'mkinitrd'.

http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO

That part is working like a charm.  When I boot, I am presented with an
opportunity to enter my password.  On doing so, it decrypts my root and
swap partitions, mounts them, and continues.

Once booted, I can map my LVM partitions to the cryptsetup ones
(system-home to home and system-shared to shared).  I can then mount the
decrypted mappings (home and shared) to the proper directories and
everything works great.

The problem comes when I try to mount those LVM partitions during the
boot process.  When it comes time to mount them, I am presented with a
password prompt... but no password works.  I am nearly certain that it's
because the /dev/mapper/system-{home|shared} LVM devices don't yet exist
in the initrd process.

But how?  I'm missing some crucial step, it seems, in figuring out how
to get this all to work.

Any clues?

Kurt
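
A diagnostic for the hypothesis in the message above, as an added example that is not part of the original post: it checks whether each backing device from the listed mappings exists at the moment it runs, and names the LVM volume group that a missing /dev/mapper node belongs to. The `DEVROOT` variable, the function names and the mapping table are constructed for illustration, and the volume group name is derived on the assumption that neither the VG nor the LV name contains a hyphen.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed table of the mappings the post lists: "<backing device> <mapping>"
MAPPINGS='/dev/sdb2 root
/dev/sda2 swap
/dev/mapper/system-home home
/dev/mapper/system-shared shared'

# DEVROOT (hypothetical knob): prefix for checking a copied or fake /dev tree;
# leave it empty to check the live system.

# classify_backing DEVICE
#   prints "present"          if the node exists,
#          "missing-lv:<vg>"  if an absent /dev/mapper/<vg>-<lv> node; LVM creates
#                             that node only once <vg> is activated (vgchange -ay),
#          "missing"          for any other absent node.
classify_backing() {
    dev=$1
    if [ -e "${DEVROOT:-}$dev" ]; then
        echo present
        return 0
    fi
    case $dev in
        /dev/mapper/*-*)
            base=${dev#/dev/mapper/}
            echo "missing-lv:${base%%-*}" ;;
        *)
            echo missing ;;
    esac
}

# report: one line per mapping; non-zero status if any backing node is absent.
report() {
    rc=0
    while read -r dev name; do
        [ -n "$dev" ] || continue
        state=$(classify_backing "$dev")
        echo "$name <- $dev: $state"
        [ "$state" = present ] || rc=1
    done <<EOF
$MAPPINGS
EOF
    return $rc
}

# Run as "sh thisfile report" to print the table for the current system.
if [ "${1:-}" = report ]; then report; fi
```

A `missing-lv:system` line at the point where the password prompt appears would be consistent with the volume group not having been activated before the LUKS open was attempted.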

