On Sun, Oct 25, 2009 at 05:01:11PM +0100, Thomas Bächler wrote:
It is possible. Consider the following setup:
You have two partitions, one small (50MB) /boot /dev/sda1, the rest /dev/sda2. Now you create a LUKS-Volume in /dev/sda2, let's call this volume enc. Inside /dev/mapper/enc create an LVM physical volume. Then, create your root, swap, home, ... filesystems as logical volumes inside the LVM (let's say they are called /dev/vg/{root,swap,home,...}). That way, you just need to enter ONE passphrase to be able to access all your volumes, including swap and root.
The installer (AIF) can set all the above up correctly, however, the current version will make the wrong grub line. In the described setup, it should be:
cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro
Your mkinitcpio.conf should have the following line:
HOOKS="base udev pata scsi sata keymap encrypt lvm2 resume filesystems"
(note that lvm2 is before resume, not after)
This setup will make it possible to use hibernation on an encrypted system without a separate key storage and without having to enter more than one passphrase. It is also a very elegant setup, as you have the usual advantages of LVM.
Have fun!
Thanks, helpful hints. But does this also work with "suspend-to-ram"? I mean, when suspending to ram everything remains unencrypted? Do I see this right?

Vlad
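A small shell check for the setup described in the quoted message, added here as an example and not part of the original thread: it verifies the encrypt, lvm2, resume hook order and the cryptdevice/root/resume kernel parameters. The function names (hook_pos, check_hooks, cmdline_get, check_cmdline) are made up for this example, and the last call uses a constructed bad hook order.

```sh
#!/bin/sh
# Added example: check initramfs hook order and the kernel line for LVM on LUKS.

# Print the 0-based position of hook $2 in the list $1; return 1 if absent.
hook_pos() {
    i=0
    for h in $1; do
        [ "$h" = "$2" ] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# encrypt must open the LUKS volume before lvm2 can find the physical volume,
# and lvm2 must activate the swap LV before resume looks for the image.
check_hooks() {
    e=$(hook_pos "$1" encrypt) || { echo "missing hook: encrypt"; return 1; }
    l=$(hook_pos "$1" lvm2) || { echo "missing hook: lvm2"; return 1; }
    r=$(hook_pos "$1" resume) || { echo "missing hook: resume"; return 1; }
    [ "$e" -lt "$l" ] || { echo "encrypt must come before lvm2"; return 1; }
    [ "$l" -lt "$r" ] || { echo "lvm2 must come before resume"; return 1; }
    echo "hooks ok"
}

# Print the value of parameter $2 on kernel line $1; return 1 if absent.
cmdline_get() {
    for w in $1; do
        case $w in "$2"=*) echo "${w#*=}"; return 0 ;; esac
    done
    return 1
}

# Require cryptdevice=<device>:<name>, root= and resume=, and reject root= or
# resume= aimed at the raw LUKS partition instead of a volume inside it.
check_cmdline() {
    c=$(cmdline_get "$1" cryptdevice) || { echo "missing cryptdevice="; return 1; }
    root=$(cmdline_get "$1" root) || { echo "missing root="; return 1; }
    res=$(cmdline_get "$1" resume) || { echo "missing resume="; return 1; }
    dev=${c%%:*}
    case $c in ?*:?*) ;; *) echo "cryptdevice needs <device>:<name>"; return 1 ;; esac
    [ "$root" != "$dev" ] || { echo "root= is the encrypted partition"; return 1; }
    [ "$res" != "$dev" ] || { echo "resume= is the encrypted partition"; return 1; }
    echo "cmdline ok"
}

# Values quoted in the message above, then a constructed bad hook order.
check_hooks "base udev pata scsi sata keymap encrypt lvm2 resume filesystems"
check_cmdline "cryptdevice=/dev/sda2:enc root=/dev/vg/root resume=/dev/vg/swap ro"
check_hooks "base udev keymap encrypt resume lvm2 filesystems" || true
```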