[Pkg-cryptsetup-devel] Bug#475838: cryptsetup: Would like to use decrypt_derived with a source mapping other than that of the root filesystem
Sam Morris
sam at robots.org.uk
Mon Apr 14 09:34:10 UTC 2008
On Mon, 2008-04-14 at 10:04 +0200, Jérémy Bobbio wrote:
> On Sun, Apr 13, 2008 at 11:09:38AM +0100, Sam Morris wrote:
> > Alternatively, if there is another way to set up encrypted swap so that
> > I can hibernate to it, I would love to hear it. :)
>
> The setup done by the debian-installer when using guided partitioning
> with "encrypted LVM" is fully able to hibernate.
>
> The layout is the following:
> * There is only two physical partitions on your hard drive,
> a small unencrypted one for /boot, and the rest of the disk is
> all in an encrypted partition.
> * Use this encrypted partition as an LVM physical volume.
> * Then setup a LVM volume group with at least two logical volumes: one
> for / and one for the swap.
>
> When entering the passphrase during the boot sequence, you will be
> unlocking both the root filesystem and the swap at the same time and
> hibernation works fine. :)
Oh, sure, but I didn't want to put / on an encrypted volume, hence the
current setup. :)
I did some looking into this. It seems like it might be possible to
modify the 'cryptroot' script so that it checks to see if KEYSCRIPT
= /lib/cryptsetup/scripts/decrypt_derived, and if so, also include the
mapping from crypttab defined in the encrypted volume's 'source' field.
I haven't had a chance to work on a patch yet... but if you think this
is a sane idea then I'll do it.
>
> Cheers,
--
Sam Morris <sam at robots.org.uk>
More information about the Pkg-cryptsetup-devel
mailing list