From: Dirk Heinrichs
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Encrypting everything
Date: Sat, 4 Jul 2009 17:11:06 +0200

On Saturday, 04 July 2009 14:51:54, Alex Schuster wrote:
> Dirk Heinrichs writes:
>
> > having said that, you can even do w/o
> > initramfs, just put everything into /boot (which should be a separate
> > partition, then). Again, see my reply to David for the details.
>
> Interesting. Getting rid of initramfs looks like a simpler approach, no
> need to fiddle with cpio in order to change things.

Also with initramfs, you don't need to fiddle with cpio. The kernel build
system does this for you.

> I do not want to have to enter a password every time my machine boots, so
> I put the key onto a stick.

And how do you protect the key on the stick? What if you lose it?

> And simply made it the same for all
> partitions. And while I was at it, for maximum security, I also put /boot
> onto the stick. Sure, who would ever break into my house and modify my
> boot partition, replacing the kernel with kernel+keylogger or such... but
> then, I would probably also not need to encrypt my stuff at all.

Encryption doesn't protect a _running_ system, because then, all needed LVs
are readable. It only protects the system while switched off (so that an
attacker cannot access your data after stealing the entire system, or after
you sold your hard disk).

> > Then you did something wrong. It works out of the box.
>
> Really? I know it does for root and swap (it works here), but how do I
> tell the system to also luksOpen all my other LVM volumes?

By listing them in /etc/conf.d/dmcrypt.
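The reply's last point, listing each additional volume in /etc/conf.d/dmcrypt, shown as an added example that is not part of the original message, together with a check that no encrypted LV was left out. Assumptions: the `target=`/`source=`/`key=`/`remdev=` keys follow the commented samples shipped in Gentoo's /etc/conf.d/dmcrypt (verify against your installed version); the volume group `vg`, the LV names, the key path and the stick partition are constructed.

```sh
#!/bin/sh
# Added example, not from the original message.
# Constructed sample in the style of /etc/conf.d/dmcrypt: one entry per LV,
# all using the same key file read from a removable device.
sample_conf() {
cat <<'EOF'
## /home, regular key file on removable media
target=crypt-home
source='/dev/vg/home'
key='/keys/vg.key'
remdev='/dev/sdb1'

## /var, same key file
target=crypt-var
source='/dev/vg/var'
key='/keys/vg.key'
remdev='/dev/sdb1'

## /data is still commented out, so it is NOT opened at boot
#target=crypt-data
#source='/dev/vg/data'
EOF
}

# Read a config on stdin; print the source= device of every active
# (uncommented) entry, one per line, with surrounding quotes stripped.
listed_sources() {
    sed -n "s/^[[:space:]]*source=['\"]\{0,1\}\([^'\"#[:space:]]*\).*/\1/p"
}

# Read a config on stdin; print each device given as an argument that the
# config does not list, i.e. a volume that would stay closed after boot.
unlisted_volumes() {
    listed=$(listed_sources)
    for dev in "$@"; do
        printf '%s\n' "$listed" | grep -qxF -- "$dev" || printf '%s\n' "$dev"
    done
}

# Usage against the real file:
#   unlisted_volumes /dev/vg/home /dev/vg/var /dev/vg/data < /etc/conf.d/dmcrypt
```
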