Using encrypted disks

Andrew Farris lordmorgul at gmail.com
Thu Apr 10 07:07:18 UTC 2008 

Anne Wilson wrote:
> On Wednesday 09 April 2008 12:36:57 Andrew Farris wrote:
>> Anne Wilson wrote:
>>> During install I was asked to give a password for encrypting the disk(s).
>>>  In the rawhide box there are two hard disks, and both were encrypted. 
>>> Did I get the chance to set different passwords for the two disks?  I
>>> can't remember. If I didn't, there isn't much sense in asking me for each
>>> disk's password, but I wonder what circumstances are envisaged where you
>>> might want different encryption on the two disks?
>> If you created them as separately encrypted filesystems then yes, you did
>> get the chance to set each password.  If it is two disks or multiple
>> partitions using a single filesystem then no.
>>
> There is only one file-system on that box.
> 
>> I could foresee having a separate filesystem for each user with different
>> encryption, for which you'd want to set the passwords differently. (ala
>> OSX's filevault home directories)
>>
> That makes sense.  However, at the time I wrote my mind was on my 
> single-filesystem installation.  It just doesn't feel sensible to have to 
> give the password twice in this case.

I do not have to enter my LUKS passphrase more than once for installations with 
one filesystem.  The default partitioning scheme, one LVM with root filesystem 
and swap combined, and one separate /boot, only asks for my passphrase once. 
Forgive the doubt but I'd like to see how your filesystems are configured if 
you're being asked for the the passphrase twice.

I'm asked for it when / is mounted readonly, then it is not asked for when root 
is remounted and it is not asked for when udev starts.

On the other hand, when I have a separate partition for root and for /home, both 
encrypted separately, I'm asked for the passphrase once at readonly root mount, 
then again when udev starts (when /home gets mounted).

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29

More information about the test mailing list