From: "Dirk Heinrichs"
To: gentoo-user@lists.gentoo.org
Date: Sun, 30 Mar 2008 18:50:59 +0200
Subject: Re: [gentoo-user] Cryptfs
Message-ID: <200803301851.04547.dirk.heinrichs@online.de>
In-Reply-To: <20080330140644.63d0bf61@loonquawl.digimed.co.uk>

On Sunday, 30 March 2008, Neil Bothwick wrote:
> On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:
>
> > > However, the setup doesn't work. I'm not asked for the passphrase, the
> > > mappings are not created. What did I forget?
> >
> > That the mappings are created all in one go before anything is mounted,
> > so you can't put the keyfile for /var into /boot. The only thing that
> > would work is to put the keyfile on the root fs, because that's the
> > only one that is mounted when the mappings are created, like:
>
> You can if you add
>
> pre_mount="mount /dev/mapper/boot /boot"
>
> to the boot stanza of dmcrypt, it forces the filesystem to be mounted
> immediately.
>
> I use a variant of this, where keys are stored on a dedicated partition.
> The pre_mount and post_mount (which unmounts the filesystem) ensure that
> the keys are only visible for as long as it takes to mount the other
> filesystems.

I protect the root fs with a passphrase and all other volumes with a keyfile
stored in this fs. No need to mount anything (however, I _do_ need an
initramfs because of this).

Bye...

	Dirk