On Mon, 23 Jul 2007 09:53:12 -0400, Richard Freeman wrote:

> > I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts
> > for the key for that partition at boot. Then the keys on that
> > partition are used to set up swap and /home before the partition is
> > unmounted, so the keys are only exposed for 2-3 seconds per boot.

> I'd prefer to not require any passwords to boot the system - I'm running
> a server and mythtv as well and if something goes down I'd rather it be
> back up on its own without me at the console.

Fair comment, I run this setup on a desktop and laptop. I do have an
encrypted partition on a server, but it gets its key over the network,
and the system will still work without that partition.

I don't use encryption on my MythTV box because I don't record anything
top secret ;-)

> However, I did think of a potentially-elegant solution:
>
> 1. Create a new volume group for each swap partition.
> 2. Add the swap partitions to their volume groups.
> 3. Create one logical volume on each volume group.
> 4. Map the crypto-loop devices to the LVM logical volumes.
>
> Then if device names change the LVM logic will find them and sort it all
> out. And there shouldn't be too much overhead running swap on top of
> LVM - my issue was with running swap on LVM on RAID-5 - which is a lot
> more overhead.

That sounds a good plan, but why do you need multiple VGs? Why not put
all the swap partitions in one VG then create one LV on each PV?


--
Neil Bothwick

Don't let your mind wander, it's too little to be let out alone.
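The single-VG variant discussed in this message (one VG, one LV per PV, dm-crypt mapped on top of each LV), as an added example that is not part of the original e-mail. The VG, LV and mapping names, the sample partitions, and the use of a random per-boot key (so no password is needed at boot) are assumptions; the script only prints the commands and runs nothing.

```shell
#!/bin/sh
# Dry-run planner: prints the commands, executes nothing.
# Assumed names (not from the thread): VG "vgswap", LVs "swapN",
# mappings "crypt-swapN", and a fresh random key on every boot.

swap_plan() {
    [ "$#" -ge 2 ] || { echo "usage: swap_plan VG PART..." >&2; return 2; }
    vg=$1; shift
    for p in "$@"; do
        case $p in
            /dev/*) ;;
            *) echo "not a device path: $p" >&2; return 2 ;;
        esac
    done

    # One-time setup: every swap partition becomes a PV in a single VG.
    for p in "$@"; do echo "pvcreate $p"; done
    echo "vgcreate $vg $*"

    # One LV per PV: naming the PV pins the LV's extents to that disk,
    # so the kernel still sees one swap area per physical device.
    i=0
    for p in "$@"; do
        echo "lvcreate -l 100%PVS -n swap$i $vg $p"
        i=$((i + 1))
    done

    # Per boot: map each LV with a throwaway key, then format and enable.
    # /dev/$vg/swapN is resolved from LVM metadata, not from sdX ordering.
    i=0
    for p in "$@"; do
        echo "cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 --key-file /dev/urandom /dev/$vg/swap$i crypt-swap$i"
        echo "mkswap /dev/mapper/crypt-swap$i"
        echo "swapon /dev/mapper/crypt-swap$i"
        i=$((i + 1))
    done
}

swap_plan vgswap /dev/sda2 /dev/sdb2   # constructed sample partitions
```

Because the key is discarded at shutdown, swap set up this way cannot be used for suspend-to-disk.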