On Tue, 2014-06-24 at 17:18 +0200, Lee Williams wrote:
> Hello,That was my thought too. Out of the box? Probably not.
>
>
> since I have to reinstall my NAS on a new HDD, I thought it would be a
> good idea to set up encryption this time. But I'm not sure how exactly
> I should start on this.
>
>
> I think the standard way to do this is using the dm-crypt facilities
> built into the Debian installer. Now, will this work with a headless
> machine where I can't enter anything on boot time?
The installer will allow this I think (you'll need to ignore the warning
> If it's possible to disable SWAP and encrypt /home,
about no swap)
You'd likely have to arrange for all that yourself and you'd be going
> could it be mounted remotely after boot?
pretty far of the beaten track I think, which probably means hacking
something up yourself (even after googling for prior art would be my
guess) but if you are willing to spend the time making it work it ought
to be possible in theory.
They would certainly normally start after the mount, but if you were
> And what about services that run on those volumes, they should surely
> start after the mount, shouldn't they?
deferring the mount somehow then you might need to arrange to defer
those services too. Or otherwise to stall the boot process until things
were remotely enabled somehow.
TS-119 is kirkwood based I think, so there is some hardware acceleration
> Finally, is this even a good idea? Will it cost too much performance?
> I'm using a TS-119 and am not sure if any crypto would be accelerated.
(md5, sha-1, aes) and an associated kernel driver (mv_cesa). I don't
know to what extent that is useful for dm-crypt etc though (md5
obviously not so much ;-)).
Ian.
--
To UNSUBSCRIBE, email to debian-arm-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 1403632594.1829.25.camel@dagon.hellion.org.uk" target="_blank">https://lists.debian.org/[🔎] 1403632594.1829.25.camel@dagon.hellion.org.uk