Group: linux.gentoo.user
From: Neil Bothwick
Date: Sunday, March 30, 2008 8:10 AM
Subject: Re: [gentoo-user] Cryptfs

On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:

> > However, the setup doesn't work. I'm not asked for the passphrase, the
> > mappings are not created. What did I forget?
>
> That the mappings are created all in one go before anything is mounted,
> so you can't put the keyfile for /var into /boot. The only thing that
> would work is to put the keyfile on the root fs, because that's the
> only one that is mounted when the mappings are created, like:

You can if you add

pre_mount="mount /dev/mapper/boot /boot"

to the boot stanza of dmcrypt, it forces the filesystem to be mounted
immediately.

I use a variant of this, where keys are stored on a dedicated partition.
The pre_mount and post_mount (which unmounts the filesystem) ensure that
the keys are only visible for as long as it takes to mount the other
filesystems.


--
Neil Bothwick

Thesaurus: ancient reptile with an excellent vocabulary

--
gentoo-user@lists.gentoo.org mailing list
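
A sketch of the dedicated key partition variant described in the message above, added here as an illustration; it is not configuration posted in the thread. Assumptions: the `target=`/`source=`/`key=` stanza keywords (check the comments in your installed /etc/conf.d/dmcrypt, as the keywords depend on the cryptsetup version), and every device name, mount point and key file name below is hypothetical.

```conf
# /etc/conf.d/dmcrypt (fragment, constructed example)
# Stanzas are processed top to bottom, so the mapping that holds the
# key files must come before any stanza that reads a key from it.

# 1. Key partition. No key= line, so it is unlocked with a passphrase
#    (assumption: the init script prompts when no key file is given).
target=keys
source='/dev/sda2'                 # hypothetical device
# Mount the freshly mapped device straight away so the key files are
# readable while the remaining mappings are created. Read-only is enough.
pre_mount='mount -o ro /dev/mapper/keys /mnt/keys'
# Unmount again once mounting is done, so the key files are visible
# only for as long as it takes to mount the other filesystems.
post_mount='umount /mnt/keys'

# 2. /var, unlocked non-interactively with a key file from the key partition.
target=var
source='/dev/sda5'                 # hypothetical device
key='/mnt/keys/var.key'            # hypothetical key file name
```

The mount point (/mnt/keys here) has to exist on the root filesystem, since that is the only filesystem mounted when the mappings are created. After boot, `mount | grep /mnt/keys` returning nothing confirms that the post_mount unmount ran.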
