[dm-crypt] type one password, get many

Jonas Meurer jonas at freesources.org
Mon Aug 17 16:42:24 CEST 2009


On 16/08/2009 Ross Boylan wrote:
> On Sun, 2009-08-16 at 21:44 +0200, Jonas Meurer wrote:
> > neither crypt keys nor passwords are stored in the initramfs. you
> > don't
> > even need cryptsetup magic in the initramfs for encrypted non-root
> > partitions. the only partition that needs to be decrypted within the
> > initramfs is the root partition.
>
> If I have a LUKS encrypted root partition, will things just work?
> I.e., when the initrd pivots, will I get a request for the passphrase of
> the root partition and then it will proceed to boot as normal (and read
> keys from /etc/cryptab to mount the other partitions)?

yes, it should work exactly the way you described it.

> It would be LUKS on top of LVM on top of software RAID.

i didn't test such a setup myself yet, but at least luks on top of lvm
works without any problems.

> I believe to convert my to encrypted I'd need to make a new LVM volume,
> create an encrypted device on top of it, and copy.  Is there an easier
> way?

i would not encrypt the partition on-the-fly for security reasons, so
yes the best way is to copy data from the unencrypted filesystem into a
new, encrypted one.

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20090817/cc706068/attachment.bin>


More information about the dm-crypt mailing list