[dm-crypt] Encrypted LVs /root, /home, and swap mount at boot, as does 'shared' data LV but without write access?

Milan Broz gmazyland at gmail.com
Mon Apr 28 06:15:01 CEST 2014


On 04/27/2014 11:20 PM, Dáire Fagan wrote:
> Hi
> 
> I have asked for support on the Ubuntu forums, and many non distro
> linux forums, I thought someone here might be able to help me as I am
> trying to mount a logical volume with write access that is part of a
> crypsetup encrypted physical volume - I figured people on this mailing
> list would have experience of this.

According to list of your devices, it is activated as read/write.
(Check it from the bottom to up - use lsblk to display volume stack
and then "dmsetup info", "cryptsetup status <dev>", lvs/lvdisplay, mount
should verify that all layers are activated properly.)

Anyway, it is distro specific how to properly update initramfs
to activate volume on boot...
(On Debian this works quite nice so I see no reason Ubuntu should differ here,
but really, this is not Ubuntu support forum.)

Check /etc/fstab and /etc/crypttab (crypt device must be there).
Also check access rights to device nodes and directory where are you mounting fs.

BTW you can probably change activated name in /etc/crypttab.

> Is the encryption method I used best practice?
...
>>> When I do this over I will run cryptsetup benchmark first to see which
>>> iteration and algorithm works best for my system.

Be sure you understand consequences of switching parameters
(it is not only about speed).
It is better to stick with defaults if you are not sure.

Milan


More information about the dm-crypt mailing list