Am Sonntag, 30. März 2008 schrieb Neil Bothwick: > On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote: > > > However, the setup doesn't work. I'm not asked for the passphrase, the > > > mappings are not created. What did I forget? > > > > That the mappings are created all in one go before anything is mounted, > > so you can't put the keyfile for /var into /boot. The only thing that > > would work is to put the keyfile on the root fs, because that's the > > only one that is mounted when the mappings are created, like: > > You can if you add > > pre_mount="mount /dev/mapper/boot /boot" > > to the boot stanza of dmcrypt, it forces the filesystem to be mounted > immediately. > > I ue a variant of this, where keys are stored on a dedicated partition. > The pre_mount and post_mount (which unmounts the filesystem) ensure that > the keys are only visible for as long as it takes to mount the other > filesystems.
I protect the root fs with a passphrase and all other volumes with a keyfile
stored in this fs. No need to mount anything (however, I _do_ need an
initramfs because of this).
Bye...
Dirk
signature.asc
Description: This is a digitally signed message part.
