Encrypted LVM partitions
Kenneth
madhse at yahoo.com
Sun Sep 17 15:27:29 MST 2006
I don't have any experience with encrypted filesystems, but if some devices
are not set up, maybe that should be done in the initrd.
I know if you run a distro that uses udev and wants to run it from the
initrd, and you try to start up with a kernel without that initrd, you don't
get any device files at all, so it doesn't get very far.
--- Kurt Granroth <plug-discuss at granroth.org> wrote:
> Does anybody here have any experience with encrypted lvm partitions
> mounted at system startup? I'm running SUSE 10.1 (inside of VMware) and
> I want to have an entirely encrypted system where *every* partition is
> encrypted. I am most of the way there but can't seem to get to the next
> step.
>
> Here's what I have:
>
> /dev/sdb2 -> cryptsetup-luks -> /dev/mapper/root
> /dev/sda2 -> cryptsetup-luks -> /dev/mapper/swap
> /dev/mapper/system-home -> cryptsetup-luks -> /dev/mapper/home
> /dev/mapper/system-shared -> cryptsetup-luks -> /dev/mapper/shared
>
> I used the instructions on the OpenSUSE site to get the encrypted root
> and swap partitions to work using a modified 'mkinitrd'.
>
> http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO
>
> That part is working like a charm. When I boot, I am presented with an
> opportunity to enter my password. On doing so, it decrypts my root and
> swap partitions, mounts them, and continues.
>
> Once booted, I can map my LVM partitions to the cryptsetup ones
> (system-home to home and system-shared to shared). I can then mount the
> decrypted mappings (home and shared) to the proper directories and
> everything works great.
>
> The problem comes when I try to mount those LVM partitions during the
> boot process. When it comes time to mount them, I am presented with a
> password prompt... but no password works. I am nearly certain that it's
> because the /dev/mapper/system-{home|shared} LVM devices don't yet exist
> in the initrd process.
>
> But how? I'm missing some crucial step, it seems, in figuring out how
> to get this all to work.
>
> Any clues?
>
> Kurt
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the PLUG-discuss
mailing list