On Sat, Aug 9, 2014 at 8:17 PM, peng <li...@f2f10.com> wrote: > Hi All, > I followed http://www.cyrius.com/debian/kirkwood/qnap/ts-219/ and > converted my NAS to Debian. I tried the following, > > 1. raid0 (1G) as swap(encrypted as well with random key) and raid1 (rest > of 2x1T); luks on raid1; lvm on luks; /root and /home on lvm > 2. raid0 (1G) and raid1 (rest of 2x1T); lvm on luks; /root and /home on > lvm.
> Seceraio 2 works. sceraio 1 doesn't. Even I was able to put in passphrase > during initial boot via console, it's landing in initram sys mode. > I don't understand the difference between the two scenarios, your description is not very clear. > > My intention is to have a fully encrypted NAS. I thought that > kernel/initramdisk on the internal Flash of NAS (which was instralled by > installer script) would good enough to serve as function of a seperate > /boot (which would host kernel/initramdisk image). It seems not so. > > My question is , do we still have to rely on /boot on disk (be it on > Harddisk or a seperate usb), even we have kernel/initramd on the flash, to > make this full encryption working? > I would assume yes. If you encrypt /boot, flash-kernel will write an encrypted kernel to flash, and it will not be able to decrypt itself. > > many thanks > Peng > > > > -- > To UNSUBSCRIBE, email to debian-arm-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: https://lists.debian.org/75a5756e1ecab2e6bffce1d2c8f959 > 1...@f2f10.com > >