From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LIpJH-0003fp-GE for garchives@archives.gentoo.org; Fri, 02 Jan 2009 19:03:52 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D2643E032A; Fri, 2 Jan 2009 19:03:42 +0000 (UTC) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.10]) by pigeon.gentoo.org (Postfix) with ESMTP id 85E4FE032A for ; Fri, 2 Jan 2009 19:03:42 +0000 (UTC) Received: from gondolin.altum.de (p54BBA4D8.dip0.t-ipconnect.de [84.187.164.216]) by mrelayeu.kundenserver.de (node=mrelayeu3) with ESMTP (Nemesis) id 0MKxQS-1LIpJ804VU-0005yc; Fri, 02 Jan 2009 20:03:42 +0100 Received: from localhost (localhost [127.0.0.1]) by gondolin.altum.de (Postfix) with ESMTP id C6FB62A5953 for ; Fri, 2 Jan 2009 20:03:41 +0100 (CET) X-Virus-Scanned: by amavisd-new at online.de Received: from gondolin.altum.de ([127.0.0.1]) by localhost (gondolin.altum.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yM3Axtk+GnpW for ; Fri, 2 Jan 2009 20:03:41 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by gondolin.altum.de (Postfix) with ESMTP id 7D21B2A5954 for ; Fri, 2 Jan 2009 20:03:41 +0100 (CET) Received: from gondolin.localnet (localhost [127.0.0.1]) (Authenticated sender: heini) by gondolin.altum.de (Postfix) with ESMTPSA id 6D7612A5953 for ; Fri, 2 Jan 2009 20:03:41 +0100 (CET) From: Dirk Heinrichs Organization: Privat To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: Genkernel: non-standard crypto setup Date: Fri, 2 Jan 2009 20:03:36 +0100 User-Agent: KMail/1.10.92 (Linux/2.6.28; KDE/4.1.85; i686; ; ) References: <200901021928.56817.dirk.heinrichs@online.de> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1660197.H42FzSD98h"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200901022003.40873.dirk.heinrichs@online.de> X-Provags-ID: V01U2FsdGVkX1++jgFGKGENwAHfBlV1JOyRIm9lIijP1uy9aHk Yze0CeyUefo0gJBHGsbk7szxpVMIBLtoJunl4Vs1tloEdqoBxr UEdPUa3yMi2p0wZx4DadA== X-Archives-Salt: d340623c-fd97-4e13-8c2e-59f8276c75ad X-Archives-Hash: 7f8201dfd05cc010a275d8761c8e701f --nextPart1660197.H42FzSD98h Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Freitag, 2. Januar 2009 19:36:28 schrieb Jens M=FCller: > Dirk Heinrichs schrieb: > > Just to make sure I understand what you want to do: You have encrypted > > physical volumes which you want to combine into an LVM volume group and > > then put logical volumes into this VG? > > Raid part 1 \ > Raid part 2 >- Raid5 -> /dev/md127 =3D PV1 > Raid part 3 / > > ...(possibly others)... > PV1 --LVM--> VG1 ---> LV1: \dev\mapper\vg1-crypt > > LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv > > \dev\mapper\crypt_pv =3D PV2 --LVM--> VG1 ---> (all the partitions) > > Basically, I have one encrypted "physical" volume, but I want to be > flexible ... If you have one encrypted PV from which you build a VG, then every LV insid= e=20 it will automatically be encrypted. So where's the flexibility? Means: PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx To be able to choose wether to encrypt each LV or not, you need to encrypt = at=20 LV level, like: PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt =46or the latter I have some scripts ready to create an initramfs which can= be=20 combined with the kernel (It's for EVMS, but it should be easy to adapt to= =20 LVM. HTH... Dirk --nextPart1660197.H42FzSD98h Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iD8DBQBJXmUM8NVtnsLkZ7sRAiX5AJ9zghQ9Eck/59UApdSCGgsDwM6psACeMrK/ SAlcwt1r+q1pM45mtAwmhL8= =EwgF -----END PGP SIGNATURE----- --nextPart1660197.H42FzSD98h--