| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Neil Bothwick wrote: |
| 5 |
> |
| 6 |
> I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts for |
| 7 |
> the key for that partition at boot. Then the keys on that partition are |
| 8 |
> used to set up swap and /home before the partition is unmounted, so the |
| 9 |
> keys are only exposed for 2-3 seconds per boot. |
| 10 |
> |
| 11 |
|
| 12 |
I'd prefer to not require any passwords to boot the system - I'm running |
| 13 |
a server and mythtv as well and if something goes down I'd rather it be |
| 14 |
back up on its own without me at the console. |
| 15 |
|
| 16 |
However, I did think of a potentially-elegant solution: |
| 17 |
|
| 18 |
1. Create a new volume group for each swap partition. |
| 19 |
2. Add the swap partitions to their volume groups. |
| 20 |
3. Create one logical volume on each volume group. |
| 21 |
4. Map the crytpo-loop devices to the LVM logical volumes. |
| 22 |
|
| 23 |
Then if device names change the LVM logic will find them and sort it all |
| 24 |
out. And there shouldn't be too much overhead running swap on top of |
| 25 |
LVM - my issue was with running swap on LVM on RAID-5 - which is a lot |
| 26 |
more overhead. |
| 27 |
-----BEGIN PGP SIGNATURE----- |
| 28 |
Version: GnuPG v1.4.7 (GNU/Linux) |
| 29 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 30 |
|
| 31 |
iD8DBQFGpLLEG4/rWKZmVWkRAu0kAKCYRulit1m/n/GVxT0W5ob9NORSqQCfbflv |
| 32 |
ffxVf4WlE77e4m339wvVrpU= |
| 33 |
=r1TI |
| 34 |
-----END PGP SIGNATURE----- |
Archives