On Fri, 2009-08-14 at 12:09 -0700, Ross Boylan wrote:
> I think unless I'm careful I'll end up with an unencrypted initrd that
> includes a file with the passwords. So I need either to make the boot
> partition the one with the user-entered password, or eliminate the
> file(s) with the secrets from the initrd.

By inspection, the initrd image does not have crypttab, or even fstab. I can't find any explicit documentation of this, but the behavior seems to be to copy only selected files. So that's good--nothing sensitive in the initrd.

Not so good is that my root partition is not encrypted. I think I thought this would make booting easier and more robust, but I'm not sure that's really so. /boot is on a separate physical partition (no encryption, RAID, or LVM needed), and that's probably all I need. I'm using grub.

Ross

>
> Debian has a file /etc/crypttab that supports automounting, but I'll have
> to dig around to see how this interacts with the initrd framework (I'm
> running Lenny).

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
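The inspection described in the message above (checking that an unencrypted initrd carries no crypttab or key files) can be scripted. This is an added example, not part of the original post; it assumes the image is a single gzip-compressed newc cpio archive, and the pattern list and all function names are hypothetical.

```python
import gzip

# Assumed patterns for files that would expose key material in a cleartext initrd.
SENSITIVE_NAMES = {"etc/crypttab"}
SENSITIVE_SUFFIXES = (".key", ".keyfile")

def _align4(n):
    return (n + 3) & ~3

def cpio_newc_names(raw):
    """Yield member names from an uncompressed newc-format cpio archive."""
    pos = 0
    while pos + 110 <= len(raw):
        if raw[pos:pos + 6] not in (b"070701", b"070702"):
            raise ValueError("no newc cpio header at offset %d" % pos)
        # After the 6-byte magic come 13 fields of 8 hex digits each.
        fields = [int(raw[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = raw[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        yield name
        # Header+name and file data are each padded to a 4-byte boundary.
        pos = _align4(_align4(pos + 110 + namesize) + filesize)

def audit_initrd(image_bytes):
    """Return the sorted sensitive paths found in a gzip-compressed initrd."""
    hits = []
    for name in cpio_newc_names(gzip.decompress(image_bytes)):
        path = name[2:] if name.startswith("./") else name.lstrip("/")
        if path in SENSITIVE_NAMES or path.endswith(SENSITIVE_SUFFIXES):
            hits.append(path)
    return sorted(hits)

def _member(name, data=b""):
    """Build one newc member; used only for the constructed samples below."""
    n = name.encode() + b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + n
    out += b"\0" * (-len(out) % 4)
    out += data
    return out + b"\0" * (-len(out) % 4)

def sample_initrd(names):
    """Constructed gzip+cpio image holding one-byte files with the given names."""
    raw = b"".join(_member(n, b"x") for n in names) + _member("TRAILER!!!")
    return gzip.compress(raw)

if __name__ == "__main__":
    print(audit_initrd(sample_initrd(["init", "etc/crypttab", "etc/keys/root.key"])))
```

To audit a real image, pass the bytes of the initrd file under /boot to `audit_initrd`; an empty list means none of the assumed patterns matched.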