Unlocking several crypto discs during boot
Xen
list at xenhideout.nl
Fri Oct 13 18:21:05 UTC 2017
Volker Wysk schreef op 13-10-2017 19:46:
> -------------
> This could be done better by making the user enter just one password,
> and
> unlocking all matching crypto disks with it. So I would set the same
> password
> for both crypto disks, and would have to enter the password only once.
> This is
> my feature request.
> -----snip----
So how would you propose you would configure this?
See the problem is that you are using a PV sitting in a LUKS container
on a different disk.
If your LUKS container was sitting IN the cached LV (origin) there would
be no need for a second LUKS container because the cache would be
automatically encrypted.
That means you would have this kind of setup:
/dev/sda1 ---> PV ---> VG ---> origin LV ---> LUKS ---> PV ----> VG
----> partitions
If you wanted multiple cached partitions.
If you don't want multiple cached partitions it becomes simply this:
/dev/sda1 ---> PV ---> VG ---> root origin LV ---> LUKS ---> filesystem
---> unencrypted LV
---> unencrypted LV
/dev/sdb1 ---> PV ---> VG ---> root cache LV
This seems to be the preferred setup for encrypting and caching just the
root filesystem.
----------------------------------
Your usecase is really not particular to caching. It is particular to
having multiple disks.
Or having multiple disks with LUKS containers.
So your feature request is really for decryption of multiple 'adjacent'
partitions that happen to have the same password.
More information about the ubuntu-users
mailing list