Re: mkinitrd: encrypted LVM ?

> I'd like to have all partitions like / /var /usr /home ... in one
> large LVM, and have all this LVM encrypted together instead of
> encrypting the logical volumes one by one.

I don't know about sarge, but I'm doing exactly this on unstable with
yaird. I have a disk partition which is a LUKS encrypted volume, which
contains an LVM physical volume, and the system is installed in logical
volumes within that. /boot (containing the kernel and initrd) is on a
separate plaintext partition, of course.

To get it to work, I had to add

    types = [ "device-mapper", 16 ]

into /etc/lvm/lvm.conf in order to make LVM recognize PVs on dm-crypt
devices. I also had to make one minor bugfix: in /etc/init.d/lvm, I
had to add a duplicate copy of the line that says

    /sbin/vgscan $IGNORELOCKINGFAILURES $MKNODES || true

because for some reason the first call fails to find the volume group,
but doing it again succeeds. (I've been meaning to investigate this and
file a bug report, but I haven't done so yet.)

The Debian installer doesn't support creating encrypted volumes of any
sort, so I installed using debootstrap from an Ubuntu liveCD. The
liveCD doesn't have cryptsetup installed by default; I had to add the
universe repository to sources.list and install cryptsetup manually.
Directions for installing Debian using debootstrap are at