Neil Bothwick wrote:
>
> I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts for
> the key for that partition at boot. Then the keys on that partition are
> used to set up swap and /home before the partition is unmounted, so the
> keys are only exposed for 2-3 seconds per boot.
>

I'd prefer to not require any passwords to boot the system - I'm running
a server and mythtv as well and if something goes down I'd rather it be
back up on its own without me at the console.

However, I did think of a potentially-elegant solution:

1. Create a new volume group for each swap partition.
2. Add the swap partitions to their volume groups.
3. Create one logical volume on each volume group.
4. Map the crypto-loop devices to the LVM logical volumes.

Then if device names change the LVM logic will find them and sort it all
out. And there shouldn't be too much overhead running swap on top of
LVM - my issue was with running swap on LVM on RAID-5 - which is a lot
more overhead.
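
The four steps proposed in the message above, written out as an added example that is not part of the original post. It assumes dm-crypt plain mode through `cryptsetup` as the mapping layer (the post only says "crypto-loop devices"), and the names `vgswapN`, `swap` and `cryptswapN` are hypothetical. With `DRY_RUN=1`, the default, it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: one volume group and one logical volume per swap partition,
# then random-key encrypted swap on each LV. Names (vgswapN, swap, cryptswapN)
# are assumptions. DRY_RUN=1 (default) prints the commands instead of running.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 1-3, run once: partition -> PV -> its own VG -> a single LV.
# usage: setup_swap_lvs /dev/sda2 /dev/sdb2 ...
setup_swap_lvs() {
    i=0
    for part in "$@"; do
        run pvcreate "$part"
        run vgcreate "vgswap$i" "$part"
        run lvcreate -l 100%FREE -n swap "vgswap$i"
        i=$((i + 1))
    done
}

# Step 4, run at every boot: map each LV with a throwaway key read from
# /dev/urandom, so no passphrase is needed and old swap contents are
# unreadable after a reboot. The LV path is resolved from LVM metadata, so
# mkswap never lands on whatever partition inherited an old /dev/sdX name.
# usage: enable_crypt_swap <number of volume groups>
enable_crypt_swap() {
    i=0
    while [ "$i" -lt "$1" ]; do
        lv="/dev/vgswap$i/swap"
        run cryptsetup open --type plain --cipher aes-xts-plain64 \
            --key-size 256 --key-file /dev/urandom "$lv" "cryptswap$i"
        run mkswap "/dev/mapper/cryptswap$i"
        run swapon "/dev/mapper/cryptswap$i"
        i=$((i + 1))
    done
}

# Stand-alone use: pass the swap partitions as arguments.
if [ "$#" -gt 0 ]; then
    setup_swap_lvs "$@"
    enable_crypt_swap "$#"
fi
```
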