On Tue, Mar 08, 2016 at 03:50:19PM -0800, Max R.D. Parmer wrote:
> On Tue, Mar 8, 2016, at 15:06, Frank Steinmetzger wrote:
> > On Wed, Mar 09, 2016 at 12:02:23AM +0100, Frank Steinmetzger wrote:
> >
> > > > If you would like to get rid of the /run/lvm/lvmetad.socket error just
> > > > start lvm with "service lvm start". I still get the error when starting
> > > > up but it still works.
> > >
> > > I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing
> > > only the setup on this PC, I don't really bother.
> >
> > I would actually prefer a simple partition table within the luks
> > container.
> > I have no real need for the flexibility of LVM and it would only embiggen
> > the required initramfs and make the boot process more complex.
> > But folks on IRC told me it was not possible.
> >
> > --
> > Gruß | Greetings | Qapla’
> > Please do not share anything from, with or about me with any social
> > network.
> >
> > There are things of which I do not even talk to myself.

> Frank, I can attest that it is possible to have an encrypted root
> without involving LVM.
[...]
> You are doing things in a reasonable order it seems to me. First you
> create the partition table, then you luksFormat the partition which is
> to be encrypted (presumably leaving /boot unencrypted), and then you run
> pvcreate on the encrypted partition (although if you do not wish to use
> lvm, you should just run mkfs on the dm-crypt device in /dev/mapper).

Sounds to me you are speaking of LUKSing a single partition. That is not
what I aim at. I've been using unencrypted / and encrypted /home on my old
laptop just fine, but on an SSD, I prefer full-device encryption for
everything due to the nondeterministic nature of SSD wear leveling.

Running pvcreate on the encrypted partition is what spawned this thread in
the first place: it denies cooperation.

> LVM can be nice, though, as it lets you have a multitude of logical
> volumes all within a single encrypted disk partition

Hence my appended remark on whether it’s possible to use a partition table
inside a LUKS container.

> (otherwise maybe you would have everything on one partition and your
> system would fail if /var got full, or you would have several separately
> encrypted partitions which could cause other troubles).

Nah, I do have a partitioning scheme of /, /home and /data. I rarely ever
have space problems, especially with /. My main PC has 50 G for /, and with
all kinds of big software including debug information for everything,
distfiles for all installed packages and a kernel tree, only uses 33 Gig of
that.

> Could you send us the output of "stat `readlink -f /dev/mapper/lvm`" (or
> in your first example, "stat `readlink -f /dev/mapper/tp`")? I am
> interested to see that the file exists and has the correct attributes
> after you perform your `cryptsetup luksOpen` operation. The files in
> /dev/mapper are symlinks to /dev/dm-* devices, this will resolve the
> symlink and then run stat on the real underlying dm-* device.

It is a symlink and the corresponding dm file is there:

kern $ readlink -f /dev/mapper/tp
/dev/dm-1
kern $ ll /dev/dm-1
brw-rw---- 1 root disk 254, 1 9. Mär 01:01 /dev/dm-1

(dm-0 being the host PC’s /home)

I got a reply off-list that it is possible to create a partition table
within a LUKS container. Well, technically I tried this yesterday already
(parted /dev/mapper/tp). But I don't know how to access the separate
partitions within it for formatting and mounting. Using losetup?

--
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any social network.

Someone who works has no time to earn money.
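
Added example, not part of the original message: on the closing question about reaching partitions inside the opened LUKS mapping with losetup, this Python code parses an MBR partition table and derives the byte offset and size limit that losetup's --offset and --sizelimit options would take for each partition. It assumes an msdos (MBR) label and 512-byte sectors; the sample table and all function names are constructed for illustration.

```python
import struct

SECTOR = 512            # assumption: 512-byte logical sectors on the mapping
ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample: sector 0 with two Linux (0x83) partitions."""
    mbr = bytearray(SECTOR)
    sample = [(0x83, 2048, 102400), (0x83, 104448, 204800)]
    for i, (ptype, start, count) in enumerate(sample):
        struct.pack_into(ENTRY, mbr, 446 + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"   # boot signature
    return bytes(mbr)


def parse_mbr(sector0):
    """Return the primary partitions as byte offsets and sizes."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature in sector 0")
    parts = []
    for i in range(4):
        _st, _c0, ptype, _c1, start, count = struct.unpack_from(
            ENTRY, sector0, 446 + 16 * i)
        if ptype == 0 or count == 0:
            continue                      # unused slot
        if ptype == 0xEE:
            raise ValueError("protective MBR: the device carries a GPT label")
        parts.append({"number": i + 1, "type": ptype,
                      "offset": start * SECTOR, "size": count * SECTOR})
    return parts


def losetup_commands(device, parts):
    """One loop device per partition, bounded to that partition's extent."""
    return ["losetup --find --show --offset {offset} --sizelimit {size} "
            .format(**p) + device for p in parts]


if __name__ == "__main__":
    # On a real system, sector 0 would come from the opened mapping, e.g.
    # open("/dev/mapper/tp", "rb").read(512), which needs root.
    for cmd in losetup_commands("/dev/mapper/tp", parse_mbr(build_sample_mbr())):
        print(cmd)
```

Each resulting loop device covers exactly one partition of the decrypted mapping and can then be formatted and mounted like any other block device.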