[dm-crypt] type one password, get many
jonas at freesources.org
Mon Aug 17 16:42:24 CEST 2009
On 16/08/2009 Ross Boylan wrote:
> On Sun, 2009-08-16 at 21:44 +0200, Jonas Meurer wrote:
> > neither crypt keys nor passwords are stored in the initramfs. you
> > don't
> > even need cryptsetup magic in the initramfs for encrypted non-root
> > partitions. the only partition that needs to be decrypted within the
> > initramfs is the root partition.
> If I have a LUKS encrypted root partition, will things just work?
> I.e., when the initrd pivots, will I get a request for the passphrase of
> the root partition and then it will proceed to boot as normal (and read
> keys from /etc/cryptab to mount the other partitions)?
yes, it should work exactly the way you described it.
> It would be LUKS on top of LVM on top of software RAID.
i didn't test such a setup myself yet, but at least luks on top of lvm
works without any problems.
> I believe to convert my to encrypted I'd need to make a new LVM volume,
> create an encrypted device on top of it, and copy. Is there an easier
i would not encrypt the partition on-the-fly for security reasons, so
yes the best way is to copy data from the unencrypted filesystem into a
new, encrypted one.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: Digital signature
More information about the dm-crypt