| 1 |
On Mon, 23 Jul 2007 09:53:12 -0400, Richard Freeman wrote: |
| 2 |
|
| 3 |
> > I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts |
| 4 |
> > for the key for that partition at boot. Then the keys on that |
| 5 |
> > partition are used to set up swap and /home before the partition is |
| 6 |
> > unmounted, so the keys are only exposed for 2-3 seconds per boot. |
| 7 |
|
| 8 |
> I'd prefer to not require any passwords to boot the system - I'm running |
| 9 |
> a server and mythtv as well and if something goes down I'd rather it be |
| 10 |
> back up on its own without me at the console. |
| 11 |
|
| 12 |
Fair comment, I run this setup on a desktop and laptop. I do have an |
| 13 |
encrypted partition on a server, but it gets it's key over the network, |
| 14 |
and if the system will still work without that partition. |
| 15 |
|
| 16 |
I don't use encryption on my MythTV box because I don't record anything |
| 17 |
top secret ;-) |
| 18 |
|
| 19 |
> However, I did think of a potentially-elegant solution: |
| 20 |
> |
| 21 |
> 1. Create a new volume group for each swap partition. |
| 22 |
> 2. Add the swap partitions to their volume groups. |
| 23 |
> 3. Create one logical volume on each volume group. |
| 24 |
> 4. Map the crytpo-loop devices to the LVM logical volumes. |
| 25 |
> |
| 26 |
> Then if device names change the LVM logic will find them and sort it all |
| 27 |
> out. And there shouldn't be too much overhead running swap on top of |
| 28 |
> LVM - my issue was with running swap on LVM on RAID-5 - which is a lot |
| 29 |
> more overhead. |
| 30 |
|
| 31 |
That sounds a good plan, but why do you need multiple VGs? Why not put |
| 32 |
all the swap partitions in one VG then create one LV on each PV? |
| 33 |
|
| 34 |
|
| 35 |
-- |
| 36 |
Neil Bothwick |
| 37 |
|
| 38 |
Don't let your mind wander, it's too little to be let out alone. |
Archives