Using encrypted disks

Andrew Farris lordmorgul at gmail.com
Thu Apr 10 21:56:16 UTC 2008


Anne Wilson wrote:
> On Thursday 10 April 2008 08:07:18 am Andrew Farris wrote:
>> I do not have to enter my LUKS passphrase more than once for installations
>> with one filesystem.  The default partitioning scheme, one LVM with root
>> filesystem and swap combined, and one separate /boot, only asks for my
>> passphrase once. Forgive the doubt but I'd like to see how your filesystems
>> are configured if you're being asked for the passphrase twice.
>>
>> I'm asked for it when / is mounted readonly, then it is not asked for when
>> root is remounted and it is not asked for when udev starts.
>>
>> On the other hand, when I have a separate partition for root and for /home,
>> both encrypted separately, I'm asked for the passphrase once at readonly
>> root mount, then again when udev starts (when /home gets mounted).
> 
> df
> Filesystem           1K-blocks      Used Available Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
>                      228486436   2424584 226061852   2% /
> /dev/sda1               194442     20120    164283  11% /boot
> tmpfs                  1037608         0   1037608   0% /dev/shm
> 
> I definitely prefer a separate home, but I've not used LVM before, and I can't 
> recall what happened when I tried to do that.

Ok so you do have the default partitioning scheme with a single / and /boot.  So 
you are being asked for your LUKS passphrase twice?  This may be because the LVM 
spans two disks, but that's just a guess because I'm not familiar with how that 
is handled.  When you have a single encrypted LVM on a single disk that does not 
happen.

> Here's what I got from fdisk -l:
> 
> Disk /dev/sda: 120.0 GB, 120034123776 bytes
> 255 heads, 63 sectors/track, 14593 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x0001232c
> 
>    Device Boot      Start         End      Blocks   Id  System
> /dev/sda1   *           1          25      200781   83  Linux
> /dev/sda2              26       14593   117017460   8e  Linux LVM
> 
> Disk /dev/sdb: 120.0 GB, 120034123776 bytes
> 255 heads, 63 sectors/track, 14593 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x837b837b
> 
>    Device Boot      Start         End      Blocks   Id  System
> /dev/sdb1   *           1       14593   117218241   8e  Linux LVM
> 
> Disk /dev/dm-0: 120.0 GB, 120030950400 bytes
> 255 heads, 63 sectors/track, 14592 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x00000000
> 
> Disk /dev/dm-0 doesn't contain a valid partition table
> 
> Disk /dev/dm-1: 119.8 GB, 119825350656 bytes
> 255 heads, 63 sectors/track, 14567 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x00000000
> 
> Disk /dev/dm-1 doesn't contain a valid partition table
> 
> Disk /dev/dm-2: 237.6 GB, 237699596288 bytes
> 255 heads, 63 sectors/track, 28898 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x00000000
> 
> Disk /dev/dm-2 doesn't contain a valid partition table
> 
> Disk /dev/dm-3: 2080 MB, 2080374784 bytes
> 255 heads, 63 sectors/track, 252 cylinders
> Units = cylinders of 16065 * 512 = 8225280 bytes
> Disk identifier: 0x30307800
> 
> Disk /dev/dm-3 doesn't contain a valid partition table
> 
> I don't really know how to read this.  Why are there 4 dm-devices?

I'm not sure about why 4 show up, but they are created by udev for device mapper 
(the dm-) which does the software raid and in this case handles the encrypted 
lvm.  My system shows just two of them (dm-0 and dm-1), one for each encrypted 
partition (but I have no lvm).  My swap is not encrypted.

Judging by the sizes of the dm-x devices, there is one for each of your 120Gb 
disks, one for the full 237Gb LVM (both disks), and one for your swap (probably 
encrypted and included inside the LVM on sdb?).

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29
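
[Added example, not part of the original message.] The layout guessed at in the reply above, written out as constructed `dmsetup table` output and counted by a small shell script. The sector counts are derived from the fdisk listing quoted in the message; the luks-* names, LogVol01, the 253:x numbers and the segment split are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed `dmsetup table` output for the layout guessed in the reply.
# Lengths are the fdisk byte sizes divided by 512. The payload offset 1032
# is the partition size minus the dm device size in that listing (sectors).
# luks-* names, LogVol01, zeroed keys, 253:x and the segment split are made up.
sample_table() {
cat <<'EOF'
luks-sdb1: 0 234435450 crypt aes-cbc-essiv:sha256 00000000000000000000000000000000 0 8:17 1032
luks-sda2: 0 234033888 crypt aes-cbc-essiv:sha256 00000000000000000000000000000000 0 8:2 1032
VolGroup00-LogVol00: 0 234029056 linear 253:1 384
VolGroup00-LogVol00: 234029056 230227968 linear 253:0 384
VolGroup00-LogVol01: 0 4063232 linear 253:0 230228352
EOF
}

# Distinct device-mapper devices (the dm-N entries fdisk lists).
count_dm() { awk '{ print $1 }' | sort -u | wc -l | tr -d ' '; }

# dm-crypt mappings; each one has to be unlocked on its own, so without
# passphrase caching this is how many prompts to expect.
count_crypt() { awk '$4 == "crypt"' | wc -l | tr -d ' '; }

# Name, backing device (major:minor) and payload offset of each crypt mapping.
crypt_backing() {
    awk '$4 == "crypt" { sub(/:$/, "", $1); print $1, $8, $9 }'
}

# Number of distinct underlying devices per linear (LVM) volume; more than
# one means the volume spans several physical volumes.
lv_span() {
    awk '$4 == "linear" { sub(/:$/, "", $1); seen[$1 " " $5] = 1 }
         END { for (k in seen) { split(k, p, " "); n[p[1]]++ }
               for (v in n) print v, n[v] }' | sort
}

echo "dm devices:     $(sample_table | count_dm)"
echo "crypt mappings: $(sample_table | count_crypt)"
sample_table | crypt_backing
sample_table | lv_span
```

On a running system the same functions can read the real tables, for example `dmsetup table | count_crypt` as root.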



