
Re: mkinitrd: encrypted LVM ?

> I'd like to have all partitions like / /var /usr /home ... in one
> large LVM, and have all this LVM encrypted together instead of
> encrypting the logical volumes one by one. 

I don't know about sarge, but I'm doing exactly this on unstable with
yaird.  I have a disk partition which is a LUKS encrypted volume, which
contains an LVM physical volume, and the system is installed in logical
volumes within that.  /boot (containing the kernel and initrd) is on a
separate plaintext partition, of course.

To get it to work, I had to add
    types = [ "device-mapper", 16 ]
into /etc/lvm/lvm.conf in order to make LVM recognize PVs on dm-crypt
devices.  I also had to make one minor bugfix:  in /etc/init.d/lvm, I
had to add a duplicate copy of the line that says
    /sbin/vgscan $IGNORELOCKINGFAILURES $MKNODES || true
because for some reason the first call fails to find the volume group,
but doing it again succeeds.  (I've been meaning to investigate this and
file a bug report, but I haven't done so yet.)

The Debian installer doesn't support creating encrypted volumes of any
sort, so I installed using debootstrap from an Ubuntu liveCD.  The
liveCD doesn't have cryptsetup installed by default; I had to add the
universe repository to sources.list and install cryptsetup manually.
Directions for installing Debian using debootstrap are at
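
Added example, not part of the original message: a check that every logical volume in a layout like the one described above (LUKS volume containing the LVM PV, plaintext /boot) sits on a dm-crypt device. It reads `lsblk -rno KNAME,TYPE,PKNAME` output; the function name and the sample device names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads "KNAME TYPE PKNAME" rows, as printed by: lsblk -rno KNAME,TYPE,PKNAME
# Prints every logical volume with no dm-crypt device among its ancestors;
# returns 1 if any such volume exists, 0 otherwise.
unencrypted_lvs() {
    awk '
        {
            kind[$1] = $2        # device type: disk, part, crypt, lvm, ...
            up[$1] = $3          # parent kernel name (empty for a whole disk)
            if ($2 == "lvm") { n++; lv[n] = $1; start[n] = $3 }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = start[i]; hops = 0
                # Walk towards the disk until a crypt layer is found.
                while (p != "" && kind[p] != "crypt" && hops++ < 16)
                    p = up[p]
                if (kind[p] != "crypt") { print lv[i]; bad = 1 }
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: sda1 is the plaintext /boot, sda2 holds the LUKS
# volume (dm-0), and the logical volumes (dm-1, dm-2) live inside it.
sample='sda disk
sda1 part sda
sda2 part sda
dm-0 crypt sda2
dm-1 lvm dm-0
dm-2 lvm dm-0'

if printf '%s\n' "$sample" | unencrypted_lvs; then
    echo "every logical volume sits on dm-crypt"
fi
```

On a live system the input would come from `lsblk -rno KNAME,TYPE,PKNAME | unencrypted_lvs`.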
