[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

encrypting an external HDD filesystem and GNOME3 support


I am interested in creating an encrypted partition (ideally
LVM logical volume) on an external disk, which I will want
to attach and detach from my laptop whilst running.  I use
the GNOME3 environment and am looking for a robust solution
which doesn't require too much fuss.

It would appear that GNOME3/nautilus/udisks (or some
combination thereof) has some rudimentary support for
detecting and mounting LVM volume groups, logical
volumes and dm_crypt devices. However the dm_crypt+LVM
combination doesn't work well yet, at all (what happens
is described below)

My question is, does anyone currently achieve a
hot-pluggable, encrypted filesystem, accessible with the
minimum of fuss via a modern GUI environment, and if so,
what do they use?

Thanks in advance for any answers.

(details about how well LVM/dm_crypt and GNOME3 play
together follow)

If I plug a disk with an LVM-formatted partition, an icon
for the VG appears in nautilus. Clicking on that requires
user authentication, after which an icon appears for the
LVs within.

For a plain (non-encrypted) LV, double-clicking that
requires another user authentication, upon which the LV
is mounted.

For an encrypted LV, double-clicking it prompts for a
decryption passphrase, then follows up with an
authentication prompt (as above).

I then get an error message ("Internal error: No mount
object for mounted volume") and a pop-up telling me that
a filesystem has appeared simultaneously.  The filesystem
appears to be mounted.  However, when you unmount the volume
in nautilus, the dm_crypt device is not properly closed.

It would appear that LVM/dm_crypt are not adequately
supported in the desktop stack yet, but that they probably
will be soon.  The two auth prompts in the non-encrypted
case may be possible to configure away via policykit.

ii  gnome-shell
ii  nautilus       3.2.1-3
ii  udisks         1.0.4-5
ii  lvm2           2.02.88-2
ii  cryptsetup     2:1.4.1-2

Jon Dowland

Reply to: