You are not logged in.
Pages: 1
Hi folks!
I just began my first steps with Arch in a VM and everyhting is fine so far. The Wiki and Forums covered all things that have come up till now.
But I came across a situation that I had multiple times in the past, but never thought about it. Is more a general thing rather than specific to Arch. But I found some resources about similar things here. So i think it is ok to drop that here.
My root partition ran out of space. But as I set it up as an LVM - no problem of expanding it. Added new disk (/dev/sdb) to the VM, pvcreate, vgextend, etc etc ...
That was fine and it is working - BUT:
The Partition /dev/sda2 where the LVM lives in is an LUKS encrypted device, which is not a problem, just the point of my question. Because what I can not get sorted by myself is: Is the data on the new /dev/sdb1 stored crypted or not!?
this is my disk-layout:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 8G 0 disk
|-sda1 8:1 0 1G 0 part /boot
`-sda2 8:2 0 7G 0 part
`-vg0 254:0 0 7G 0 crypt
|-vg0-swap 254:1 0 512M 0 lvm [SWAP]
|-vg0-root 254:2 0 7G 0 lvm /
`-vg0-home 254:3 0 4.5G 0 lvm /home
sdb 8:16 0 5G 0 disk
`-sdb1 8:17 0 5G 0 part
`-vg0-root 254:2 0 7G 0 lvm /
and the luks-partition:
[root@arch ~]# cryptsetup status /dev/mapper/vg0
/dev/mapper/vg0 is active and is in use.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
key location: dm-crypt
device: /dev/sda2
sector size: 512
offset: 4096 sectors
size: 14673887 sectors
mode: read/write
lvm pvdisplay:
[root@arch ~]# pvdisplay
--- Physical volume ---
PV Name /dev/mapper/vg0
VG Name vg0
PV Size <7.00 GiB / not usable 4.98 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 1790
Free PE 0
Allocated PE 1790
PV UUID bAhrrZ-42cW-b6td-1kgP-LtZQ-y6Z1-utjivB
--- Physical volume ---
PV Name /dev/sdb1
VG Name vg0
PV Size <5.00 GiB / not usable 3.00 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 1279
Free PE 0
Allocated PE 1279
PV UUID tIj7ca-Pcc2-M1TV-KsaU-ItoM-Gfhq-p2U5fb
and the encryt stuff for the efi boot:
[root@arch ~]# cat /boot/loader/entries/arch.conf
[...>8...]
options cryptdevice=UUID=1c76ecc8-7697-4bad-8267-e0b3b8c5f6ba:vg0 root=/dev/vg0/root quiet rw
I am pretty sure I am missing something essential here.
Offline
Not if you didn't encrypt it before adding it to the volume.
Moving to Kernel andHarware...
Offline
Thanks for you quick response! and for moving me to the right place .. sorry about that.
So ok, that makes sense of course.
but this would imply that if I crypt /dev/sdb1 as well, I have to enter a password for every crypted partition right? (so 2 in this case)
and do something like
options cryptdevice=UUID=1c76ecc8-7697-4bad-8267-e0b3b8c5f6ba:vg0
crytdevice=UUID=[dev/sdb1-uuid]:crypt_sdb1 root=/dev/vg0/root quiet rw
and add /dev/mapper/crypt_sdb1 to my LVM?
Offline
Hmm, that's an interesting question. With / split across the devices, will you be able unlock the second with a keyfile? May as well give it a shot...
Offline
Pages: 1