dm-crypt questions
Mail List
lists at sapience.com
Fri Jul 6 22:57:35 UTC 2007
(1) initrd and dm-crypt of root partition using luks
I am trying to plan to set up my laptop with root dm-crypted. Is the initrd
that comes with each kernel upgrade going to have the dm-crypt modules -
either coz they are there or coz the image is generated by the kernel rpm? Or
will I need to remake the initrd.img after each kernel update?
I assume somehow I will need to make a new img at least once - does mkinitrd
check all modules currently loaded or do I need to explicitly list the
dm-crypt modules I need
via --with=sha256 --with=aes --with=blkcipher --with=dm-crypt --with=dm_mod
etc.
(2) I'm thinking I need an unencrypted /boot, encrypted / and
encrypted /home. For /home since / is protected I could put one password
directly into the /etc/crypttab. I will make sure crypttab is only root
readable. Seem reasonable?
(3) Might be something to think about for F8 too. Also I didn't yet find a
good howto specifically for F7 - some very nice stuff on www.saout.de and
also good ubuntu stuff for feisty.
(4) Does anyone know offhand if the kde live cd includes cryptsetup-luks and
gparted ? luks-tools? I think the only way to proceed from here is to boot a
live cd and run cryptsetup from there, fix up grub etc aftewards ...
(5) Obviously for a laptop on the road this is pretty important - so Anyone
else doing this and can you offer any guidance?
Thanks,
g/
More information about the fedora-list
mailing list