Re: Many LUKS partitions
Salvatore Iovene (<salvatore@iovene.com>) wrote:
> On Mon, 30 Apr 2007 18:22:48 +0300 Salvatore Iovene
> <salvatore@iovene.com> wrote:
>
>> On Mon, 30 Apr 2007 15:14:44 +0200 Andreas Janssen
>> <andreas.janssen@bigfoot.com> wrote:
>>
>> > - add the key to the luks-Partitions using cryptsetup luksAddKey
>> > - make an entry for your stick in your fstab, e.g. /media/key
>> > - copy the keyfile to the stick, e.g. to /media/key/keyfile
>> > - change your crypttab to use the keyfile, e.g.
>> > usr-crypt /dev/hda7 /media/key/keyfile
>> > luks
>> > - change CRYPTDISKS_MOUNT in /etc/defaults/cryptsetup to include
>> > your USB stick, e.g. CRYPTDISKS_MOUNT="/media/key"
>> > - rebuild your initrd using update-initramfs -u
>>
>> Hi, thanks a lot, that worked very well. Just a note: the entry for
>> the usb stick in fstab has to have the following options:
>> uid=0,gid=0,umask=277.
>
> By the way, could you explain to me why the update-initramfs -u is
> needed? Thanks.
The initial ram disk is mounted first and supplies a minimal system that
is sufficient to load drivers, initialize LVM/raid/crypto devices in
order to mount your root partition. If you encrypt your root partition,
you need to update the ram disk so a new initrd is created that can set
up your encrypted root partition properly, otherwise you wouldn't be
able to mount it. You can also have it set up other encrypted
partitions, although this is not absolutely necessary.
regards
Andreas Janssen
--
Andreas Janssen <andreas.janssen@bigfoot.com>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html
Reply to: