From: Valmor de Almeida
Date: Tue, 13 Mar 2012 07:55:45 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] hard drive encryption
Message-ID: <4F5F35C1.8070301@gmail.com>
In-Reply-To: <4F5CEF0D.5050801@binarywings.net>
References: <4F5CC6F5.6020303@gmail.com> <4F5CEF0D.5050801@binarywings.net>

On 03/11/2012 02:29 PM, Florian Philipp wrote:
> On 11.03.2012 16:38, Valmor de Almeida wrote:
>>
>> Hello,
>>
>> I have not looked at encryption before and find myself in a situation
>> that I have to encrypt my hard drive. I keep /, /boot, and swap outside
>> LVM, everything else is under LVM. I think all I need to do is to
>> encrypt /home which is under LVM. I use reiserfs.
>>
>> I would appreciate suggestions and pointers on what is practical and
>> simple in order to accomplish this task with a minimum of downtime.
>>
>> Thanks,
>>
>> --
>> Valmor
>>
>
>
> Is it acceptable for you to have a commandline prompt for the password
> when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt

I think so.

> init script. /etc/conf.d/dmcrypt should contain some examples. As you
> want to encrypt an LVM volume, the lvm init script needs to be started
> before this. As I see it, there is no strict dependency between those
> two scripts. You can add this by adding this line to /etc/rc.conf:
> rc_dmcrypt_after="lvm"
>
> For creating a LUKS-encrypted volume, look at
> http://en.gentoo-wiki.com/wiki/DM-Crypt

Currently looking at this.

>
> You won't need most of what is written there; just section 9,
> "Administering LUKS" and the kernel config in section 2, "Assumptions".
>
> Concerning downtime, I'm not aware of any solution that avoids copying
> the data over to the new volume. If downtime is absolutely critical, ask
> and we can work something out that minimizes the time.
>
> Regards,
> Florian Philipp
>

Since I am planning to encrypt only home/ under LVM control, what kind
of overhead should I expect?

Thanks,

--
Valmor
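
The ordering requirement discussed in the quoted reply (dmcrypt must start after lvm when the LUKS source is a logical volume) can be checked before rebooting. The script below is an added example, not part of the original thread or of Gentoo's init scripts; it assumes `/etc/conf.d/dmcrypt` entries use `source='...'` lines, and the volume group name `vg0`, the target name `crypt-home` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that rc.conf orders dmcrypt after lvm whenever a
# dmcrypt source device lives on an LVM volume group.

# Print every source= device from a conf.d/dmcrypt-style file, quotes stripped.
dmcrypt_sources() {
    sed -n "s/^[[:space:]]*source=[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$1"
}

# Succeed if the last uncommented rc_dmcrypt_after= line lists "lvm".
has_lvm_ordering() {
    val=$(sed -n "s/^[[:space:]]*rc_dmcrypt_after=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1)
    case " $val " in
        *" lvm "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_dmcrypt_order RC_CONF DMCRYPT_CONF VG
# Returns 1 if a source device is on volume group VG but the ordering
# line is missing; returns 0 otherwise.
check_dmcrypt_order() {
    rc_conf=$1 dm_conf=$2 vg=$3
    for src in $(dmcrypt_sources "$dm_conf"); do
        case "$src" in
            "/dev/$vg/"*|"/dev/mapper/$vg-"*)
                if ! has_lvm_ordering "$rc_conf"; then
                    echo "FAIL: $src is on LVM but rc_dmcrypt_after lacks lvm" >&2
                    return 1
                fi ;;
        esac
    done
    return 0
}

# Write constructed sample configs into DIR (not taken from a real system).
make_sample() {
    printf '%s\n' "target=crypt-home" "source='/dev/vg0/home'" > "$1/dmcrypt"
    printf '%s\n' '#rc_dmcrypt_after="lvm"' > "$1/rc.conf.bad"
    printf '%s\n' 'rc_dmcrypt_after="lvm"' > "$1/rc.conf.good"
}
```

On a real system the call would be `check_dmcrypt_order /etc/rc.conf /etc/conf.d/dmcrypt <your-vg>`; a non-zero exit means the encrypted volume may be probed before its logical volume exists.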