On Saturday 04 July 2009 14:51:54, Alex Schuster wrote:
> Dirk Heinrichs writes:
> >
> > having said that, you can even do w/o
> > initramfs, just put everything into /boot (which should be a separate
> > partition, then). Again, see my reply to David for the details.
>
> Interesting. Getting rid of initramfs looks like a simpler approach, no
> need to fiddle with cpio in order to change things.

Also with initramfs, you don't need to fiddle with cpio. The kernel build 
system does this for you.

> I do not want to have to enter a password every time my machine boots, so
> I put the key onto a stick.

And how do you protect the key on the stick? What if you lose it?

> And simply made it the same for all
> partitions. And while I was at it, for maximum security, I also put /boot
> onto the stick. Sure, who would ever break into my house and modify my
> boot partition, replacing the kernel with kernel+keylogger or such... but
> then, I would probably also not need to encrypt my stuff at all.

Encryption doesn't protect a _running_ system, because then, all needed LVs 
are readable. It only protects the system while switched off (so that an 
attacker cannot access your data after stealing the entire system, or after 
you sold your hard disk).

> > Then you did something wrong. It works out of the box.
>
> Really? I know it does for root and swap (it works here), but how do I
> tell the system to also luksOpen all my other LVM volumes?

By listing them in /etc/conf.d/dmcrypt.
