On Mon, 23 Jul 2007 09:53:12 -0400, Richard Freeman wrote:

> > I keep my keys on an encrypted partition, /etc/conf.d/cryptfs prompts
> > for the key for that partition at boot. Then the keys on that
> > partition are used to set up swap and /home before the partition is
> > unmounted, so the keys are only exposed for 2-3 seconds per boot.

> I'd prefer to not require any passwords to boot the system - I'm running
> a server and mythtv as well and if something goes down I'd rather it be
> back up on its own without me at the console.

Fair comment, I run this setup on a desktop and laptop. I do have an
encrypted partition on a server, but it gets its key over the network,
and the system will still work without that partition.

I don't use encryption on my MythTV box because I don't record anything
top secret ;-)

> However, I did think of a potentially-elegant solution:
> 
> 1.  Create a new volume group for each swap partition.
> 2.  Add the swap partitions to their volume groups.
> 3.  Create one logical volume on each volume group.
> 4.  Map the crypto-loop devices to the LVM logical volumes.
> 
> Then if device names change the LVM logic will find them and sort it all
> out.  And there shouldn't be too much overhead running swap on top of
> LVM - my issue was with running swap on LVM on RAID-5 - which is a lot
> more overhead.

That sounds a good plan, but why do you need multiple VGs? Why not put
all the swap partitions in one VG then create one LV on each PV?


-- 
Neil Bothwick

Don't let your mind wander, it's too little to be let out alone.
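
The single-VG layout suggested above (all swap partitions in one VG, one LV per PV), written out as an added example that is not part of the original thread. The names `swapvg`, `swapN` and `cryptswapN`, the cipher settings, and the use of plain dm-crypt with a random per-boot key are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. VG/LV/mapping names are assumptions.
# Commands are printed by default; set APPLY=1 (as root) to execute them.
VG=${VG:-swapvg}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# One-time setup: every swap partition becomes a PV in a single VG,
# then one LV is allocated per PV so each swap area stays on one disk.
create_swap_lvs() {
    for pv in "$@"; do
        case $pv in
            /dev/*) ;;
            *) echo "not a device path: $pv" >&2; return 1 ;;
        esac
    done
    run pvcreate "$@"
    run vgcreate "$VG" "$@"
    i=0
    for pv in "$@"; do
        # Naming the PV restricts allocation to it; 100%PVS takes all of it.
        run lvcreate -l 100%PVS -n "swap$i" "$VG" "$pv"
        i=$((i + 1))
    done
}

# Every boot: map each LV with a throwaway key and enable swap on it.
# LVM finds PVs by their on-disk labels, so /dev/$VG/swapN stays valid
# even if the kernel renames the underlying disks.
enable_crypt_swap() {
    count=$1
    i=0
    while [ "$i" -lt "$count" ]; do
        # Plain dm-crypt, key read from /dev/urandom: nothing to type and
        # nothing stored; old swap contents are unreadable after a reboot.
        run cryptsetup open --type plain --cipher aes-xts-plain64 \
            --key-size 256 --key-file /dev/urandom \
            "/dev/$VG/swap$i" "cryptswap$i"
        run mkswap "/dev/mapper/cryptswap$i"
        run swapon "/dev/mapper/cryptswap$i"
        i=$((i + 1))
    done
}

# Process device paths given on the command line (dry run unless APPLY=1).
if [ "$#" -gt 0 ]; then
    create_swap_lvs "$@" && enable_crypt_swap "$#"
fi
```

A random per-boot key needs no passphrase at the console, but it also means the swap contents cannot be read back after a reboot, so it does not combine with suspend-to-disk.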
