Re: How to install with encrypted root?
>11/06/2011 05:52, Christian Jaeger wrote:
[trim]
>> You can use decrypt_derived or random key for the swap
>> partition for instance,
>
> I'm doing that on two other machines, but IIRC this isn't compatible
> with s2disk, which I might want to use on the netbook.
decrypt_derived is compatible with suspend to disk. Use the right script
(/lib/cryptsetup/scripts/decrypt_derived) and fill in
/etc/initramfs-tools/conf.d/resume. Update initramfs.
But in my experience it takes longer to wake up from disk than to
reboot, and you have to type the pass-phrase once anyway. If you
consider that suspend is barely working in Linux, I don't know if it's
worth it.
[trim]
>> Or store the key on a different media
>> plugged-in at boot time
>
> Yeah, I'm still sometimes thinking about such solutions, also for
> normal login; but USB port connectors would be worn out rather quickly
> I guess, and still less convenient than typing a password.
[trim]
You could also store key-files on the first decrypted partition (/root),
if you don't care about the luks setup being vulnerable while running
that would reduce the password typing.
> Christian.
>
Reply to: