[dm-crypt] Encrypted Raid 1 Btrfs on *Single Drive*

.. ink .. mhogomchungu at gmail.com
Fri Mar 14 13:00:36 CET 2014


On Fri, Mar 14, 2014 at 7:09 AM, Jorge Fábregas <jorge.fabregas at gmail.com>wrote:

>
>

> # cryptsetup luksFormat /dev/sdc  (my external drive)
>
> # cryptsetup luksOpen /dev/sdc vault
>
> # fdisk /dev/mapper/vault
> ...and created two partitions of equal size
> ...afterwards I got /dev/mapper/vault1 & vault2
>
> I think somehow,the kpartx step was done here and this is evident by the
existence of
/dev/mapper/vault1 & vault2


> I tried lucksClose with vault1 & vault2 before attempting to close vault
> but couldn't.  I had to:
>
> # dmsetup remove vault1
> # dmsetup remove vault2
> # dmsetup remove vault
>
> I think here,you should have done:
kpartx -d /dev/mapper/vault
cryptsetup luksClose vault

Then the devices disappeared from /dev/mapper.  Now when I want to mount
> my external drive again I have to add another step once I open the LUKS
> device:
>
> # kpartx -a /dev/mapper/vault
> ...so it can create /dev/mapper/vault1 & vault2 so I can use either one
> to mount the btrs raid 1.
>
> This much seem to be expected.


> Is this the correct method:  create the two partitions on the LUKS
> device so can I use BTRS RAID 1?  I thought about the other way:
>
> The "standard way" is to create an LVM volume in the encrypted
container.This is how most
distributions implements "full disk encryption" with LUKS.

With an LVM volume,you can simulate partitions by creating volume
groups/logical volumes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140314/9944bcf4/attachment.html>


More information about the dm-crypt mailing list