From: "Jens Müller" <blog@tessarakt.de>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Genkernel: non-standard crypto setup
Date: Fri, 02 Jan 2009 20:20:26 +0100
Message-ID: <gjlpdq$kp8$1@ger.gmane.org>
In-Reply-To: <200901022003.40873.dirk.heinrichs@online.de>

Dirk Heinrichs wrote:
> On Friday, 2 January 2009 19:36:28, Jens Müller wrote:
>> Dirk Heinrichs wrote:
>>> Just to make sure I understand what you want to do: You have encrypted
>>> physical volumes which you want to combine into an LVM volume group and
>>> then put logical volumes into this VG?
>> Raid part 1 \
>> Raid part 2 >- Raid5 -> /dev/md127 = PV1
>> Raid part 3 /
>>
>> ...(possibly others)...
>> PV1 --LVM--> VG1 ---> LV1: \dev\mapper\vg1-crypt
>>
>> LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv
>>
>> \dev\mapper\crypt_pv = PV2 --LVM--> VG1 ---> (all the partitions)
>>
>> Basically, I have one encrypted "physical" volume, but I want to be
>> flexible ...
>
> If you have one encrypted PV from which you build a VG, then every LV inside
> it will automatically be encrypted. So where's the flexibility?
I meant it's more flexible than encrypting /dev/md127 itself.
E.g., I can create a snapshot of an LV which is still encrypted.
> Means:
>
> PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx
>
> To be able to choose whether to encrypt each LV or not, you need to encrypt at
> LV level, like:
>
> PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt
>
> For the latter I have some scripts ready to create an initramfs which can be
> combined with the kernel (It's for EVMS, but it should be easy to adapt to
> LVM).
Well, the genkernel default script can be given a "crypt_root", can load
the key from a USB device, etc. ...