On 03/11/2012 02:29 PM, Florian Philipp wrote: > Am 11.03.2012 16:38, schrieb Valmor de Almeida: >> >> Hello, >> >> I have not looked at encryption before and find myself in a situation >> that I have to encrypt my hard drive. I keep /, /boot, and swap outside >> LVM, everything else is under LVM. I think all I need to do is to >> encrypt /home which is under LVM. I use reiserfs. >> >> I would appreciate suggestion and pointers on what it is practical and >> simple in order to accomplish this task with a minimum of downtime. >> >> Thanks, >> >> -- >> Valmor >> > > > Is it acceptable for you to have a commandline prompt for the password > when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt
I think so. > init script. /etc/conf.d/dmcrypt should contain some examples. As you > want to encrypt an LVM volume, the lvm init script needs to be started > before this. As I see it, there is no strict dependency between those > two scripts. You can add this by adding this line to /etc/rc.conf: > rc_dmcrypt_after="lvm" > > For creating a LUKS-encrypted volume, look at > http://en.gentoo-wiki.com/wiki/DM-Crypt Currently looking at this. > > You won't need most of what is written there; just section 9, > "Administering LUKS" and the kernel config in section 2, "Assumptions". > > Concerning downtime, I'm not aware of any solution that avoids copying > the data over to the new volume. If downtime is absolutely critical, ask > and we can work something out that minimizes the time. > > Regards, > Florian Philipp > Since I am planning to encrypt only home/ under LVM control, what kind of overhead should I expect? Thanks, -- Valmor
