Re: etch installer and dm-crypt
> > I thought the recommended way is to encrypt /home /tmp and /var
> > because there my 'personal' files are - and let the rest unencrypted
> > due to the perfomance ...
>
> Makes sense, but I have read that encryption's performance hit is
> negligible (less than 1%), true?
OK, if this is true, the performance is no argument. Another point is,
that it possibly is more secure to have more little than one big 300GB
partition, that it should minimize the risk of data-loss: if one
partition crashes, the other ones should be ok.
Yesterday I found something on a ubuntu-forum in the net: For me it
looks useful... it should work on my debian-box, right?
8<------------------------------------------
2. Edit the startup-script to configure this partition at boot (from /dev/hda1)
Change /etc/mkinitramfs/scripts/local-top/cryptoroot from:
Code:
... if grep -q splash /proc/cmdline; then /bin/chvt 1 fi /sbin/cryptsetup luksOpen /dev/sda3 cryptoroot
, to:
Code:
... if grep -q splash /proc/cmdline; then /bin/chvt 1 fi echo "Enter your LUKS passphrase for multiboot:"
read -s PASSPHRASE
echo $PASSPHRASE | /sbin/cryptsetup luksOpen /dev/sda3 cryptoroot
echo $PASSPHRASE | /sbin/cryptsetup luksOpen /dev/sda7 cryptodata
3. Update your initrd (from /dev/hda1)
sudo update-initramfs -u ALL
4. Update your /etc/fstab (from /dev/hda3) to mount it at boot
Add the line:
Code:
/dev/mapper/cryptodata /mnt/data ext3 nouser,defaults,errors=remount-ro,atime,auto,rw,dev,exec,suid 0 2
-------------------------------------------->8
Regards,
sigi.
Reply to: