Re: cloning a lvm crypto volume to a bigger disk

To: debian-user@lists.debian.org
Subject: Re: cloning a lvm crypto volume to a bigger disk
From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
Date: Thu, 07 Jul 2011 15:06:33 +0200
Message-id: <[🔎] 4E15AF59.8040009@googlemail.com>
In-reply-to: <[🔎] 20110707063525.GW4466@wasteland.homelinux.net>
References: <[🔎] CABOora5YCBSiC9Eb3h9fTvdryrVUD6hyZoZE5YBQhbeG2evTjg@mail.gmail.com> <[🔎] 20110705095752.GP4466@wasteland.homelinux.net> <[🔎] CABOora4_nERO3gQ3PZt9jGY2+vP7PXHux+82DiwKq6=8PBmogw@mail.gmail.com> <[🔎] 20110705165222.GR4466@wasteland.homelinux.net> <[🔎] CABOora5TjzdVc=d_Q4C3GgeWk0uzQvVzChKNPRdBpo9Aef5fFQ@mail.gmail.com> <[🔎] 20110706100142.GU4466@wasteland.homelinux.net> <[🔎] CABOora4_uozdW81KS1BZGQjYYZ_gThyRV+pk_PbOnxqKSMR52Q@mail.gmail.com> <[🔎] 20110707063525.GW4466@wasteland.homelinux.net>

07/07/2011 08:35, Jochen Schulz wrote:
>> Colin:
[trim]
>> I guess if I didn't have it I would need a separate dm-crypt and LUKS
>> partition for each of /, /home and swap which in turn would mean 3
>> separate keys + passwords.
> 
> Yes. You could get away with only one passphrase if you put key files
> for the other filesystems on that one.
> 
> J.

Here I use on my desktop a pass-phrase for / (typed during boot),
decrypt_derived for swap (see #8 in
/usr/share/doc/cryptsetup/README.initramfs.gz), and pam-mount for /home
(decrypting is done on login).
On the laptop I use essentially the same setup, but /boot and the /
key-file are stored on an usb flash-disk with hardware encryption (see
#10 in /usr/share/doc/cryptsetup/README.initramfs.gz), this way I only
need to type in my login, it makes booting the laptop quicker.
If you don't care about suspend to disk you can also use a swap file on
an encrypted partition instead of decrypt_derived, or a random key
generated on startup, reducing complexity.

Reply to:

References:
- cloning a lvm crypto volume to a bigger disk
  - From: Colin <colintempler@gmail.com>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Jochen Schulz <ml@well-adjusted.de>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Colin <colintempler@gmail.com>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Jochen Schulz <ml@well-adjusted.de>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Colin <colintempler@gmail.com>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Jochen Schulz <ml@well-adjusted.de>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Colin <colintempler@gmail.com>
- Re: cloning a lvm crypto volume to a bigger disk
  - From: Jochen Schulz <ml@well-adjusted.de>

Prev by Date: Re: Powering off or resetting USB peripherals
Next by Date: Re: Youtube flash not working
Previous by thread: Re: cloning a lvm crypto volume to a bigger disk
Next by thread: Howto install a debugging kernel in debian?
Index(es):
- Date
- Thread