Am Freitag, 2. Januar 2009 19:36:28 schrieb Jens Müller:
> Dirk Heinrichs schrieb:
> > Just to make sure I understand what you want to do: You have encrypted
> > physical volumes which you want to combine into an LVM volume group and
> > then put logical volumes into this VG?
>
> Raid part 1 \
> Raid part 2 >- Raid5 -> /dev/md127 = PV1
> Raid part 3 /
>
>                       ...(possibly others)...
> PV1 --LVM--> VG1 --->    LV1: \dev\mapper\vg1-crypt
>
> LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv
>
> \dev\mapper\crypt_pv = PV2  --LVM--> VG1 ---> (all the partitions)
>
> Basically, I have one encrypted "physical" volume, but I want to be
> flexible ...

If you have one encrypted PV from which you build a VG, then every LV inside 
it will automatically be encrypted. So where's the flexibility?

Means:

PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx

To be able to choose wether to encrypt each LV or not, you need to encrypt at 
LV level, like:

PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt

For the latter I have some scripts ready to create an initramfs which can be 
combined with the kernel (It's for EVMS, but it should be easy to adapt to 
LVM.

HTH...

	Dirk