Re: encrypted home start-up problem with keyfile

At Sun, 16 Nov 2008 17:05:27 +0100,
Bernd Speiser wrote:

> After taking out the `swap' entry from the luks="..." option in the grub 
> menu.lst, this also works for swap, although in the boot.msg I find two 
> times the message:
 
> Trying manual resume from /dev/mapper/swap
> resume device /dev/mapper/swap not found (ignoring)

This is related to the fact that the crypto filesystems are enabled too late in the boot process.
 
> If I now add an entry for the home partition into /etc/crypttab
> home /dev/sda4 /etc/luks-key none
> or
> home /dev/sda4 /etc/luks-key luks

You can generate a keyfile for /home and place it on the encrypted root partition, which is enabled
first and so frees up the keyfiles for the other encrypted partitions. Then you have to enter the passphrase
just once.

> and remove the `home' entry from the menu.lst luks="..." option in the 
> boot command (now I just have luks="home"), this does no longer work. 
[....]

Your grub should be configured so that it only contains the encrypted root:

...root=/dev/mapper/root luks_root="/dev/sda1" luks="root"

Then you add the encrypted /home and swap to crypttab:

home /dev/disk/by-id/... keyfile none luks
swap /dev/disk/by-id/... keyfile swap

You then have to turn on the boot.crypto script. You can check its state by running

chkconfig --list boot.crypto

and possibly have to turn it on by running

chkconfig boot.crypto on

And now you have to correct the openSUSE parallel boot so that the encrypted filesystems
are activated before the local ones. Check the entry which begins with "boot.localfs"
in .depend.boot: it must contain "boot.crypto" first. Then check the line which begins with "boot.crypto":
if it contains any "boot.localfs", delete that.

You have to go to /etc/init.d/boot.d now and set the links so that boot.crypto is executed before boot.localfs.

And now, you're done! :-)

Feel free to email me if you get stuck with something. My English is not so good, but you can write
in Norwegian, Swedish, Danish and German if you like.



---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
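
The ordering check described in the reply above, as an added example that is not part of the original message. It assumes .depend.boot lives in /etc/init.d and uses make-style "service: dep ..." lines, and that the start links in boot.d are named S<NN><service>; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original mail): check boot.crypto/boot.localfs order.
# Assumption: .depend.boot has make-style lines "service: dep1 dep2 ...".
# Assumption: boot.d start links are named S<NN><service>, e.g. S04boot.crypto.

# deps_of FILE SERVICE: print the dependency list of SERVICE (may be empty)
deps_of() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr '\t' ' '
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# check_depend FILE: 0 if boot.localfs waits for boot.crypto and not vice versa
check_depend() {
    rc=0
    if ! has_word "$(deps_of "$1" boot.localfs)" boot.crypto; then
        echo "boot.localfs line lacks boot.crypto" >&2; rc=1
    fi
    if has_word "$(deps_of "$1" boot.crypto)" boot.localfs; then
        echo "boot.crypto line contains boot.localfs, delete it" >&2; rc=1
    fi
    return $rc
}

# link_order DIR: 0 if the boot.crypto start link runs before boot.localfs
link_order() {
    c=$(ls "$1" | grep -E '^S[0-9]+boot\.crypto$' | head -n 1)
    l=$(ls "$1" | grep -E '^S[0-9]+boot\.localfs$' | head -n 1)
    [ -n "$c" ] && [ -n "$l" ] || { echo "start link missing in $1" >&2; return 1; }
    cnum=${c#S}; cnum=${cnum%%boot.*}
    lnum=${l#S}; lnum=${lnum%%boot.*}
    # Links with equal numbers may start in parallel, so require strictly less.
    [ "$cnum" -lt "$lnum" ] || { echo "$c does not sort before $l" >&2; return 1; }
}

# Check the live system only when asked to: sh check-order.sh --run
# (/etc/init.d/.depend.boot is an assumed location, see above)
if [ "${1:-}" = "--run" ]; then
    check_depend /etc/init.d/.depend.boot && link_order /etc/init.d/boot.d \
        && echo "boot.crypto is ordered before boot.localfs"
fi
```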

