On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:

> > However, the setup doesn't work. I'm not asked for the passphrase, the
> > mappings are not created. What did I forget?
>
> That the mappings are created all in one go before anything is mounted,
> so you can't put the keyfile for /var into /boot. The only thing that
> would work is to put the keyfile on the root fs, because that's the
> only one that is mounted when the mappings are created, like:

You can if you add pre_mount="mount /dev/mapper/boot /boot" to the boot
stanza of dmcrypt; it forces the filesystem to be mounted immediately.

I use a variant of this, where keys are stored on a dedicated partition.
The pre_mount and post_mount (which unmounts the filesystem) ensure that
the keys are only visible for as long as it takes to mount the other
filesystems.

-- 
Neil Bothwick

Thesaurus: ancient reptile with an excellent vocabulary