[arch-general] server with an encrypted non-root disk

Dieter Plaetinck dieter at plaetinck.be
Thu Aug 27 16:36:54 UTC 2009


Hi, I have a little server at home which has an encrypted disk mounted at /home/media/1tbdisk.

I added it to crypttab and the decrypted dm device to fstab, but I have the following problems:


1) The keymap upon luksOpen is qwerty, even though I have my keymap set in rc.conf and added 'keymap' to hooks in rc.conf.
I ran `mkinitcpio -p kernel26` in the shell that the init(script) gave me when it tried to mount /dev/mapper/decrypted (after I mounted -o remount,ro /). Do I really have to run mkinitcpio again from the real system and reboot? (I can do it, but would like to know what might have gone wrong here.)

2) Even when I'm sure I'm typing the correct pass (in qwerty) it doesn't unlock. I added dm_crypt to modules in rc.conf but no change. It asks for the pass 3 times and then fstab tries to mount the nonexistent device and I get the shell.

If I comment out the entries in crypttab and fstab and unlock+mount myself after boot, it works fine.


3) Even if for some reason one fails to unlock the volume, it would be nice if the boot process could continue. Maybe there could also be a timeout: not unlocked within 60s, continue boot process. Is this possible to do or would it make things too complicated?

4) Suppose one can fix the stuff in the shell that you get from the fstab hook, is it possible to just resume boot instead of rebooting?

5) Any other thoughts about this kind of setup? I know it's possible if you have IPMI to do serial over LAN and type your password from anywhere around the globe during bootup. But I don't have IPMI, so if no-one can unlock the volume in x seconds, it can continue booting.

Dieter

