#1 2012-10-30 15:27:13

doupod
Member
Registered: 2012-09-06
Posts: 73

Encrypt filesystem : LVM on Luks ?

Hi,

I'd like to install Arch and to encrypt my filesystem. I also want to use LVM and to have a keyfile stored on a USB stick.

I found these guides: http://www.pindarsign.de/webblog/?p=767 and http://forums.archlinux.fr/topic5765.html (in French).

I did everything according to these guides but when I boot, I get an error: "Refusing activation of partial LV".


I think this error is due to the way I partitioned my drives.

I have two drives:
- First, 128 GB:

/dev/sda1: 200 MB, /boot in ext2
/dev/sda2: 70 GB used for LVM

- Second, 1 TB:

/dev/sdb1: 850 GB used for LVM

I created one physical volume for each partition I use for LVM. And I created only one volume group (extended on the second hard drive). I manage to mount the partitions manually if I boot from the install medium.

In my /boot/grub/grub.cfg, I added

cryptdevice=/dev/sda2:vgroup cryptkey=/dev/disk/by-label/keys:ext2:/crypt.key

before root=...

I think that the problem may be that I don't decrypt /dev/sdb1 (only /dev/sda2 is in grub.cfg), but I didn't find any information about this case on the web...

Thanks

#2 2012-10-30 18:14:23

aesiris
Member
Registered: 2012-02-25
Posts: 97

Re: Encrypt filesystem : LVM on Luks ?

The encrypt hook from mkinitcpio does not support multiple partitions: see https://bugs.archlinux.org/task/23182, https://bugs.archlinux.org/task/15738.
If you need to open both from the initramfs you will need to write a custom encrypt hook (read the previous bug reports for examples).

Or you can use an "lvm on luks on lvm" setup, then you should be able to boot with

HOOKS="... lvm2 encrypt lvm2 ..."

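Added example, not part of any post in this thread: a shell check for the situation described in post #2, where the single cryptdevice= parameter names one partition while the volume group sits on two LUKS partitions. The command line and the partition list are constructed from the layout in post #1; the root= value is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed from the
# disk layout in post #1; the root= value is a placeholder.

# Print the device part of cryptdevice=<device>:<dmname> found in the kernel
# command line given as $1. Returns 1 when the parameter is absent.
cryptdevice_of() {
    for word in $1; do
        case $word in
            cryptdevice=*)
                value=${word#cryptdevice=}
                printf '%s\n' "${value%%:*}"
                return 0 ;;
        esac
    done
    return 1
}

# Print the partitions from the space-separated list $2 that the command
# line $1 does not hand to the encrypt hook. Any output means a PV of the
# volume group stays locked and LVM sees the group as partial.
unopened_luks_parts() {
    opened=$(cryptdevice_of "$1") || opened=
    missing=
    for part in $2; do
        [ "$part" = "$opened" ] || missing="${missing:+$missing }$part"
    done
    printf '%s\n' "$missing"
}

# Constructed input. On a running system these could come from
# /proc/cmdline and `blkid -t TYPE=crypto_LUKS -o device` (assumption: every
# LUKS partition found backs the volume group).
CMDLINE='cryptdevice=/dev/sda2:vgroup cryptkey=/dev/disk/by-label/keys:ext2:/crypt.key root=PLACEHOLDER ro'
LUKS_PARTS='/dev/sda2 /dev/sdb1'

missing=$(unopened_luks_parts "$CMDLINE" "$LUKS_PARTS")
if [ -n "$missing" ]; then
    echo "not unlocked by cryptdevice=: $missing"
fi
```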

#3 2012-10-30 19:17:39

doupod
Member
Registered: 2012-09-06
Posts: 73

Re: Encrypt filesystem : LVM on Luks ?

I managed to make it work using cryptsetup_multi from AUR.

Another question:
Is it possible to automatically open a session via a file stored on a USB key (as we can do to remotely connect to SSH via public/private key)? As my whole system is encrypted with a key file stored on a USB key, it would be a great thing to be able to log in with an authentication file.
Otherwise, I will enable autologin, but it's less flexible. Using a file on a USB key, we could imagine connecting to different accounts with different files on the USB key.

Thanks!
