Gentoo Archives: gentoo-user

From: Florian Philipp <lists@×××××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] hard drive encryption
Date: Sun, 11 Mar 2012 18:31:58
In Reply to: [gentoo-user] hard drive encryption by Valmor de Almeida
1 Am 11.03.2012 16:38, schrieb Valmor de Almeida:
2 >
3 > Hello,
4 >
5 > I have not looked at encryption before and find myself in a situation
6 > that I have to encrypt my hard drive. I keep /, /boot, and swap outside
7 > LVM, everything else is under LVM. I think all I need to do is to
8 > encrypt /home which is under LVM. I use reiserfs.
9 >
10 > I would appreciate suggestion and pointers on what it is practical and
11 > simple in order to accomplish this task with a minimum of downtime.
12 >
13 > Thanks,
14 >
15 > --
16 > Valmor
17 >
20 Is it acceptable for you to have a commandline prompt for the password
21 when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt
22 init script. /etc/conf.d/dmcrypt should contain some examples. As you
23 want to encrypt an LVM volume, the lvm init script needs to be started
24 before this. As I see it, there is no strict dependency between those
25 two scripts. You can add this by adding this line to /etc/rc.conf:
26 rc_dmcrypt_after="lvm"
28 For creating a LUKS-encrypted volume, look at
31 You won't need most of what is written there; just section 9,
32 "Administering LUKS" and the kernel config in section 2, "Assumptions".
34 Concerning downtime, I'm not aware of any solution that avoids copying
35 the data over to the new volume. If downtime is absolutely critical, ask
36 and we can work something out that minimizes the time.
38 Regards,
39 Florian Philipp


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-user] hard drive encryption Valmor de Almeida <val.gentoo@×××××.com>