Re: Full system encryption with support for hibernation




On Sun, Oct 25, 2009 at 05:01:11PM +0100, Thomas Bächler wrote:
> 
> It is possible. Consider the following setup:
> 
> You have two partitions, one small (50MB) /boot /dev/sda1, the rest
> /dev/sda2. Now you create a LUKS-Volume in /dev/sda2, let's call
> this volume enc. Inside /dev/mapper/enc create an LVM physical
> volume. Then, create your root, swap, home, ... filesystems as
> logical volumes inside the LVM (let's say they are called
> /dev/vg/{root,swap,home,...}). That way, you just need to enter ONE
> passphrase to be able to access all your volumes, including swap and
> root.
> 
> The installer (AIF) can set all the above up correctly, however, the
> current version will make the wrong grub line. In the described
> setup, it should be:
> 
> cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro
> 
> Your mkinitcpio.conf should have the following line:
> 
> HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems"
> (note that lvm2 is before resume, not after)
> 
> This setup will make it possible to use hibernation on an encrypted
> system without a separate key storage and without having to enter
> more than one passphrase. It is also a very elegant setup, as you
> have the usual advantages of LVM.
> 
> Have fun!
> 

Thanks, helpful hints. 
But does this also work with "suspend-to-ram"?
I mean, when suspending to ram everything remains unencrypted?
Do I see this right?

Vlad

-- 
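
The two settings from the quoted mail, as an added example that is not part of the original thread: a POSIX shell check that HOOKS lists encrypt before lvm2 before resume, and that the kernel line carries cryptdevice=, root= and resume= with resume in the same volume group as root. The function names and sample strings are constructed for illustration, and the same-volume-group test assumes the layout described in the mail.

```shell
# Added example, not from the thread. Inputs at the bottom are constructed
# from the values quoted in the mail.

# hook_index "hook list" NAME -> 1-based position of NAME, 0 if absent
hook_index() {
    i=0
    for h in $1; do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# check_hooks 'HOOKS="..."' -> 0 only if encrypt < lvm2 < resume.
# encrypt first because the LVM PV lives inside the LUKS volume;
# lvm2 before resume because the swap LV must exist before resuming.
check_hooks() {
    hooks=${1#*\"}; hooks=${hooks%\"*}
    e=$(hook_index "$hooks" encrypt)
    l=$(hook_index "$hooks" lvm2)
    r=$(hook_index "$hooks" resume)
    for v in "$e" "$l" "$r"; do
        [ "$v" -gt 0 ] || { echo "missing encrypt, lvm2 or resume hook"; return 1; }
    done
    { [ "$e" -lt "$l" ] && [ "$l" -lt "$r" ]; } || { echo "hook order must be encrypt lvm2 resume"; return 1; }
}

# param_value "cmdline" KEY -> value of KEY=..., empty if absent
param_value() {
    for p in $1; do
        case $p in "$2="*) echo "${p#*=}"; return 0 ;; esac
    done
}

# check_cmdline "cmdline" -> 0 if all three parameters are set and resume=
# sits in the same directory (volume group) as root=, as in the mail's layout.
check_cmdline() {
    cdev=$(param_value "$1" cryptdevice)
    root=$(param_value "$1" root)
    res=$(param_value "$1" resume)
    { [ -n "$cdev" ] && [ -n "$root" ] && [ -n "$res" ]; } || { echo "need cryptdevice=, root= and resume="; return 1; }
    if [ "${res%/*}" != "${root%/*}" ]; then
        echo "resume=$res is not in the same volume group as root=$root"; return 1
    fi
}

check_hooks 'HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems"' && echo "hooks ok"
check_cmdline 'cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro' && echo "cmdline ok"
```

On a real system the first argument would be the HOOKS line from mkinitcpio.conf and the second the kernel line from the boot loader entry.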

