Gentoo Forums
lvm2 + encrypted storage howto
neuron
Posted: Thu Jan 08, 2004 2:34 pm    Post subject: lvm2 + encrypted storage howto

*** created quickly from my notes, probably not that readable. I'll clean it up a bit later if I remember ;), just didn't want someone else to do the same stuff again. ***


note that I use kernel 2.6, and util-linux 2.12-r4, for the different versions of util-linux the syntax has changed a little.


Created startscript and stopscript:

#Startscript:
Code:

#!/bin/bash
# Ask twice until both entries match and are non-empty.
until [ -n "$PASS1" ] && [ "$PASS1" = "$PASS2" ]; do
        # the bash read builtin has to support the -s option.
        # Don't use read without -s!!
        read -r -s -p "Enter Passphrase: " PASS1; echo
        read -r -s -p "Re-enter Passphrase: " PASS2; echo
done

# Hash the passphrase with sha512 and hand it to losetup on fd 0 (-p 0).
# printf instead of echo, so a passphrase such as "-n" is passed through unchanged.
printf '%s\n' "$PASS1" | hashalot sha512 | losetup -p 0 -e aes-256 /dev/loop/0 /mnt/enc/home
printf '%s\n' "$PASS1" | hashalot sha512 | losetup -p 0 -e aes-256 /dev/loop/1 /mnt/enc/lvm1
printf '%s\n' "$PASS1" | hashalot sha512 | losetup -p 0 -e aes-256 /dev/loop/2 /mnt/enc/lvm2
printf '%s\n' "$PASS1" | hashalot sha512 | losetup -p 0 -e aes-256 /dev/loop/3 /mnt/enc/lvm3


*note that I've used /mnt/enc/lvm1-3 here, and home. lvm1-3 I'm gonna change to /dev/hdb1 /dev/hdc1 and /dev/hdd1*


#Stopscript:
Code:

#!/bin/bash
sync
losetup -d /dev/loop/0
losetup -d /dev/loop/1
losetup -d /dev/loop/2
losetup -d /dev/loop/3


#Setup the pvcreate's on my encrypted loopback devices

#pvcreate /dev/loop/1
#pvcreate /dev/loop/2
#pvcreate /dev/loop/3

Create main vg:

#vgcreate vgmain /dev/loop/1 /dev/loop/2

Dunno if this is needed, but it's in my notes so it stays :p

#vgchange -ay vgmain

Check how many free PE's we have with vgdisplay, I had 4 on my test, so I used all of it.

#lvcreate -l 4 vgmain -n storagelv

Just for the heck of it I used only 1 and 2 and then extended it.

#vgextend vgmain /dev/loop/3
Check http://tldp.org/HOWTO/LVM-HOWTO/x592.html for more info on how to resize when you have a filesystem on the volume you are resizing
Again I used vgdisplay to check free pe's, I had two
#lvextend -l+2 /dev/vgmain/storagelv

Formatted it with mkfs, gonna use reiserfs later but it won't fit on my 10mb test volumes ;)
#mkfs /dev/vgmain/storagelv

Then it's up, you still have to change the startup and shutdown scripts, so it'll mount properly on boot.

modified /etc/init.d/checkfs
on top I added:

#neuron mod:
/mnt/enc/startscript

and in /etc/init.d/halt.sh
This you have to change after the "vgchange -a n"
#neuron mod:
#sometimes this fails, I think umount tries to losetup -d, and when it fails without error, so this scans over the remaining ones and removes them too
/mnt/enc/stopscript &>/dev/null




What I'd still like to do before I move my main drives over:

Change the startscript/checkfs, so it only launches vgscan if losetup was successful.
- then I can mount the main system with no password, login, and mount my encrypted lvm2.

do some performance testing ;)
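One way the post's last to-do (only launch vgscan if losetup was successful) could be done, as an added example that is not part of the original post. The device pairs, the `hashalot`/`losetup` pipeline and `vgmain` come from the post; the function names, the return codes and the `start` argument are assumptions.

```bash
#!/bin/bash
# Added example, not the post's script. Pairs, pipeline and VG name are from
# the post; function names, return codes and "start" are assumptions.
PAIRS="/dev/loop/0:/mnt/enc/home /dev/loop/1:/mnt/enc/lvm1
       /dev/loop/2:/mnt/enc/lvm2 /dev/loop/3:/mnt/enc/lvm3"
VG=vgmain

# attach_one PASS LOOPDEV BACKING: the post's pipeline; pipefail makes a
# hashalot failure count as a failed attach, not only a losetup failure.
attach_one() {
    ( set -o pipefail
      printf '%s\n' "$1" | hashalot sha512 | losetup -p 0 -e aes-256 "$2" "$3" )
}

# detach_all LOOPDEV...: best-effort cleanup, never fails.
detach_all() {
    local dev
    for dev in "$@"; do losetup -d "$dev" 2>/dev/null; done
    return 0
}

# start_encrypted_lvm PASS
# returns 0 = VG active, 1 = an attach failed (vgscan never run),
#         2 = all attached but the VG did not activate.
start_encrypted_lvm() {
    local pair dev attached=""
    for pair in $PAIRS; do
        dev=${pair%%:*}
        if ! attach_one "$1" "$dev" "${pair#*:}"; then
            echo "attach of $dev failed, not running vgscan" >&2
            detach_all $attached
            return 1
        fi
        attached="$attached $dev"
    done
    # losetup does not check the key, so a wrong passphrase still attaches;
    # it shows up here as LVM finding no PVs (assumes vgchange then exits non-zero).
    if vgscan >/dev/null && vgchange -ay "$VG" >/dev/null; then
        return 0
    fi
    detach_all $attached
    return 2
}

if [ "${1:-}" = "start" ]; then   # interactive entry point
    read -r -s -p "Enter Passphrase: " PASS; echo
    start_encrypted_lvm "$PASS"; rc=$?
    unset PASS
    exit "$rc"
fi
```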