Message-ID: <4F5CEF0D.5050801@binarywings.net>
Date: Sun, 11 Mar 2012 19:29:33 +0100
From: Florian Philipp
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] hard drive encryption
In-Reply-To: <4F5CC6F5.6020303@gmail.com>

On 11.03.2012 16:38, Valmor de Almeida wrote:
>
> Hello,
>
> I have not looked at encryption before and find myself in a situation
> that I have to encrypt my hard drive. I keep /, /boot, and swap outside
> LVM, everything else is under LVM. I think all I need to do is to
> encrypt /home which is under LVM. I use reiserfs.
>
> I would appreciate suggestions and pointers on what is practical and
> simple in order to accomplish this task with a minimum of downtime.
>
> Thanks,
>
> --
> Valmor
>

Is it acceptable for you to have a command-line prompt for the password
when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt
init script. /etc/conf.d/dmcrypt should contain some examples. As you want
to encrypt an LVM volume, the lvm init script needs to be started before
this. As I see it, there is no strict dependency between those two scripts.
You can add this by adding this line to /etc/rc.conf:

rc_dmcrypt_after="lvm"

For creating a LUKS-encrypted volume, look at
http://en.gentoo-wiki.com/wiki/DM-Crypt

You won't need most of what is written there; just section 9,
"Administering LUKS" and the kernel config in section 2, "Assumptions".

Concerning downtime, I'm not aware of any solution that avoids copying the
data over to the new volume. If downtime is absolutely critical, ask and we
can work something out that minimizes the time.

Regards,
Florian Philipp
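Added example, not part of the original message: a shell check for the ordering issue described above, reporting dmcrypt sources that sit on LVM while /etc/rc.conf has no rc_dmcrypt_after line listing lvm. The function names, the sample file contents and the volume group name vg0 are constructed, and treating /dev/mapper/<name> and /dev/<vg>/<lv> as LVM is a heuristic assumption.

```shell
#!/bin/sh
# Added example, not from the original message. Function names, sample
# file contents and the volume group name vg0 are constructed.

# Print every source= value from a conf.d/dmcrypt style file.
dmcrypt_sources() {
    sed -n "s/^[[:space:]]*source=[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$1"
}

# Heuristic (assumption): /dev/mapper/<name> and /dev/<vg>/<lv> are LVM.
is_lvm_path() {
    case "$1" in
        /dev/disk/*) return 1 ;;
        /dev/mapper/*|/dev/*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the last rc_dmcrypt_after= assignment in rc.conf lists lvm.
ordered_after_lvm() {
    val=$(sed -n "s/^[[:space:]]*rc_dmcrypt_after=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1)
    for svc in $val; do
        [ "$svc" = lvm ] && return 0
    done
    return 1
}

# $1 = conf.d/dmcrypt, $2 = rc.conf. Report LVM-backed sources that have
# no guaranteed start order; return 1 if any are found.
check_dmcrypt_order() {
    ordered_after_lvm "$2" && return 0
    bad=0
    for src in $(dmcrypt_sources "$1"); do
        if is_lvm_path "$src"; then
            echo "$src is on LVM but rc_dmcrypt_after does not list lvm"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample files standing in for the real ones under /etc.
tmp=$(mktemp -d)
printf '%s\n' 'target=crypt-home' "source='/dev/vg0/home'" > "$tmp/dmcrypt"
printf '%s\n' '#rc_dmcrypt_after="lvm"' > "$tmp/rc.conf.before"
printf '%s\n' 'rc_dmcrypt_after="lvm"' > "$tmp/rc.conf.after"
check_dmcrypt_order "$tmp/dmcrypt" "$tmp/rc.conf.before" || echo "ordering line missing"
check_dmcrypt_order "$tmp/dmcrypt" "$tmp/rc.conf.after" && echo "ordering ok"
rm -rf "$tmp"
```

On a real system the two arguments would be /etc/conf.d/dmcrypt and /etc/rc.conf.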