From: Jens Müller
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Genkernel: non-standard crypto setup
Date: Fri, 02 Jan 2009 20:20:26 +0100

Dirk Heinrichs wrote:
> On Friday, 2 January 2009 19:36:28, Jens Müller wrote:
>> Dirk Heinrichs wrote:
>>> Just to make sure I understand what you want to do: You have encrypted
>>> physical volumes which you want to combine into an LVM volume group and
>>> then put logical volumes into this VG?
>> Raid part 1 \
>> Raid part 2 >- Raid5 -> /dev/md127 = PV1
>> Raid part 3 /
>>
>> ...(possibly others)...
>> PV1 --LVM--> VG1 ---> LV1: \dev\mapper\vg1-crypt
>>
>> LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv
>>
>> \dev\mapper\crypt_pv = PV2 --LVM--> VG1 ---> (all the partitions)
>>
>> Basically, I have one encrypted "physical" volume, but I want to be
>> flexible ...
>
> If you have one encrypted PV from which you build a VG, then every LV inside
> it will automatically be encrypted. So where's the flexibility?

I meant it's more flexible than encrypting /dev/md127 itself. E.g., I
can create a snapshot of an LV which is still encrypted.

> Means:
>
> PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx
>
> To be able to choose whether to encrypt each LV or not, you need to encrypt at
> LV level, like:
>
> PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt
>
> For the latter I have some scripts ready to create an initramfs which can be
> combined with the kernel (It's for EVMS, but it should be easy to adapt to
> LVM.

Well, the genkernel default script can be given a "crypt_root", can load
the key from a USB device, etc. ...