| 1 |
On Tue, Mar 08, 2016 at 03:50:19PM -0800, Max R.D. Parmer wrote: |
| 2 |
> On Tue, Mar 8, 2016, at 15:06, Frank Steinmetzger wrote: |
| 3 |
> > On Wed, Mar 09, 2016 at 12:02:23AM +0100, Frank Steinmetzger wrote: |
| 4 |
> > |
| 5 |
> > > > If you would like to get rid of the /run/lvm/lvmetad.socket error just |
| 6 |
> > > > start lvm with "service lvm start". I still get the error when starting |
| 7 |
> > > > up but it still works. |
| 8 |
> > > |
| 9 |
> > > I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing |
| 10 |
> > > only the setup on this PC, I don't realler bother. |
| 11 |
> > |
| 12 |
> > I would actually prefer a simple partition table within the luks |
| 13 |
> > container. |
| 14 |
> > I have no real need for the flexibility of LVM and it would only embiggen |
| 15 |
> > the required initramfs and make the boot process more complex. |
| 16 |
> > But folks on IRC told me was not possible. |
| 17 |
> > |
| 18 |
> > -- |
| 19 |
> > Gruß | Greetings | Qapla’ |
| 20 |
> > Please do not share anything from, with or about me with any social |
| 21 |
> > network. |
| 22 |
> > |
| 23 |
> > There are things of which I do not even talk to myself. |
| 24 |
|
| 25 |
> Frank, I can attest that it is possible to have an encrypted root |
| 26 |
> without involving LVM. [...] |
| 27 |
> You are doing things in a reasonable order it seems to me. First you |
| 28 |
> create the partition table, then you luksFormat the partition which is |
| 29 |
> to be encrypted (presumably leaving /boot unencrypted), and then you run |
| 30 |
> pvcreate on the encrypted partition (although if you do not wish to use |
| 31 |
> lvm, you should just run mkfs on the dm-crypt device in /dev/mapper). |
| 32 |
|
| 33 |
Sounds to me you are speaking of LUKSing a single partition. That is not |
| 34 |
what I aim at. I've been using unencrypted / and encrypted /home on my old |
| 35 |
laptop just fine, but on an SSD, I prefer full-device encryption for |
| 36 |
everything due to the nondeterministic nature of SSD wear leveling. |
| 37 |
|
| 38 |
Running pvcreate on the encrypted partition is what spawned this thread in |
| 39 |
the first place: it denies cooperation. |
| 40 |
|
| 41 |
> LVM can be nice, though, as it lets you have a multitude of logical |
| 42 |
> volumes all within a single encrypted disk partition |
| 43 |
|
| 44 |
Hence my appended remark on whether it’s possible to use a partition table |
| 45 |
inside a LUKS container. |
| 46 |
|
| 47 |
> (otherwise maybe you would have everything on one partition and your |
| 48 |
> system would fail if /var got full, or you would have several separately |
| 49 |
> encrypted partitions which could cause other troubles). |
| 50 |
|
| 51 |
Nah, I do have a partitioning scheme of /, /home and /data. |
| 52 |
I rarely ever have space problems, especially with /. My main PC has 50 G |
| 53 |
for /, and with all kinds of big software including debug information for |
| 54 |
everything, distfiles for all installed packages and a kernel tree, only |
| 55 |
uses 33 Gig of that. |
| 56 |
|
| 57 |
> Could you send us the output of "stat `readlink -f /dev/mapper/lvm`" (or |
| 58 |
> in your first example, "stat `readlink -f /dev/mapper/tp`")? I am |
| 59 |
> interested to see that the file exists and has the correct attributes |
| 60 |
> after you perform your `cryptsetup luksOpen` operation. The files in |
| 61 |
> /dev/mapper are symlinks to /dev/dm-* devices, this will resolve the |
| 62 |
> symlink and then run stat on the real underlying dm-* device. |
| 63 |
|
| 64 |
It is a symlink and the corresponding dm file is there: |
| 65 |
kern $ readlink -f /dev/mapper/tp |
| 66 |
/dev/dm-1 |
| 67 |
kern $ ll /dev/dm-1 |
| 68 |
brw-rw---- 1 root disk 254, 1 9. Mär 01:01 /dev/dm-1 |
| 69 |
|
| 70 |
(dm-0 being the host PC’s /home) |
| 71 |
|
| 72 |
I got a reply off-list that it is possible to create a partition table |
| 73 |
within a LUKS container. Well, technically I tried this yesterday already |
| 74 |
(parted /dev/mapper/tp). But I don't know how to access the separate |
| 75 |
partitions within it for formatting and mounting. Using losetup? |
| 76 |
-- |
| 77 |
Gruß | Greetings | Qapla’ |
| 78 |
Please do not share anything from, with or about me with any social network. |
| 79 |
|
| 80 |
Someone who works has no time to earn money. |
Archives