[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: etch installer and dm-crypt

> > I thought the recommended way is to encrypt /home /tmp and /var 
> > because there my 'personal' files are - and let the rest unencrypted 
> > due to the perfomance ...
> Makes sense, but I have read that encryption's performance hit is
> negligible (less than 1%), true?

OK, if this is true, the performance is no argument. Another point is, 
that it possibly is more secure to have more little than one big 300GB 
partition, that it should minimize the risk of data-loss: if one 
partition crashes, the other ones should be ok. 

Yesterday I found something on a ubuntu-forum in the net: For me it 
looks useful... it should work on my debian-box, right? 


2. Edit the startup-script to configure this partition at boot (from /dev/hda1)
Change /etc/mkinitramfs/scripts/local-top/cryptoroot from:
... if grep -q splash /proc/cmdline; then /bin/chvt 1 fi /sbin/cryptsetup luksOpen /dev/sda3 cryptoroot

, to:

... if grep -q splash /proc/cmdline; then /bin/chvt 1 fi echo "Enter your LUKS passphrase for multiboot:"
echo $PASSPHRASE | /sbin/cryptsetup luksOpen /dev/sda3 cryptoroot
echo $PASSPHRASE | /sbin/cryptsetup luksOpen /dev/sda7 cryptodata

3. Update your initrd (from /dev/hda1)
sudo update-initramfs -u ALL

4. Update your /etc/fstab (from /dev/hda3) to mount it at boot
Add the line:
/dev/mapper/cryptodata  /mnt/data ext3  nouser,defaults,errors=remount-ro,atime,auto,rw,dev,exec,suid   0  2


Reply to: