On Sunday, 30 March 2008, Neil Bothwick wrote:
> On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:
>
> > > However, the setup doesn't work. I'm not asked for the passphrase, the
> > > mappings are not created. What did I forget?
> >
> > That the mappings are created all in one go before anything is mounted,
> > so you can't put the keyfile for /var into /boot. The only thing that
> > would work is to put the keyfile on the root fs, because that's the
> > only one that is mounted when the mappings are created, like:
>
> You can if you add
>
> pre_mount="mount /dev/mapper/boot /boot"
>
> to the boot stanza of dmcrypt, it forces the filesystem to be mounted
> immediately.
>
> I use a variant of this, where keys are stored on a dedicated partition.
> The pre_mount and post_mount (which unmounts the filesystem) ensure that
> the keys are only visible for as long as it takes to mount the other
> filesystems.

I protect the root fs with a passphrase and all other volumes with a keyfile stored in this fs. No need to mount anything (however, I _do_ need an initramfs because of this).

Bye...

Dirk