Am 11.03.2012 16:38, schrieb Valmor de Almeida: > > Hello, > > I have not looked at encryption before and find myself in a situation > that I have to encrypt my hard drive. I keep /, /boot, and swap outside > LVM, everything else is under LVM. I think all I need to do is to > encrypt /home which is under LVM. I use reiserfs. > > I would appreciate suggestion and pointers on what it is practical and > simple in order to accomplish this task with a minimum of downtime. > > Thanks, > > -- > Valmor >
Is it acceptable for you to have a commandline prompt for the password when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt init script. /etc/conf.d/dmcrypt should contain some examples. As you want to encrypt an LVM volume, the lvm init script needs to be started before this. As I see it, there is no strict dependency between those two scripts. You can add this by adding this line to /etc/rc.conf: rc_dmcrypt_after="lvm" For creating a LUKS-encrypted volume, look at http://en.gentoo-wiki.com/wiki/DM-Crypt You won't need most of what is written there; just section 9, "Administering LUKS" and the kernel config in section 2, "Assumptions". Concerning downtime, I'm not aware of any solution that avoids copying the data over to the new volume. If downtime is absolutely critical, ask and we can work something out that minimizes the time. Regards, Florian Philipp
signature.asc
Description: OpenPGP digital signature
