http://bugzilla.novell.com/show_bug.cgi?id=463356
User contact@philipashmore.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=463356#c8
--- Comment #8 from Philip Ashmore 2009-10-16 12:42:50 MDT ---
Here's how I went about getting OpenSuse on an encrypted LVM.
Install OpenSuse on a 4.7G partition (A) using LVM with a 500M (tiny) swap.
Using a live cd, back up the root logical volume device to a file with dd (why
can't rsync do this?)
Wipe the Physical volume and create an encrypted partition, see cryptsetup for
details. Then open it with cryptsetup luksOpen ...
Create the lvm volume group using the device dmcrypt creates as the physical
volume.
Recreate the root and swap logical volumes. These can be as large as you like.
Use dd to restore root (R)
Use resize2fs <R> to make it fill the logical volume
Use mkswap to set up the swap space.
Make sure that /etc/sysconfig/kernel includes the required modules:
INITRD_MODULES="processor thermal ahci ata_piix fan jbd ext3 dm_mod edd aes sha256 dm_crypt cbc"
I did a diff from what I had on a backup OpenSuse partition compared to what's
on the DVD and attached it as cryptodev-patch.txt.
The core of the functionality is an extra option on the grub kernel entry
kernel ... cryptodev=/dev/sda3
or
kernel ... cryptodev=UUID=6dcbae25-48f3-4d1d-a494-d7c8c7af0043
This is handled by extra mkinitrd scripts that use cryptsetup "stage" to unlock
this device for use by LVM2 - once you've entered the pass-phrase, when
prompted by cryptsetup in boot-cryptodev.sh.
Files I added:
boot-cryptodev.sh
setup-cryptodev.sh
Files I modified:
boot-lvm2.sh <= #%depends: evms cryptodev (was #%depends: evms)
Files that found their way into the diff (added during installation?)
boot-resume.kernel.sh
boot-resume.userspace.sh
I think you may have to specify cryptodev as a "feature" when running mkinitrd
for the first time (use -v to see that the cryptodev feature is implanted into
initrd from the verbose listing). I forget the exact term used.
It's up to you what you want to do with boot-resume.kernel.sh and
boot-resume.userspace.sh - I guess they get added during installation.
See if they differ from yours.
Then install Xen and see if it picks up cryptodev when mkinitrd creates initrd.
I hope this helps you to reproduce this problem.
If not then at least you will have an encrypted LVM!
Apologies in advance if I missed something - it's been a while and my records
are possibly incomplete.
Philip
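
The cryptodev= option described in the comment above takes either a device path or a UUID= value. As an added example (not part of the original comment and not the boot-cryptodev.sh from cryptodev-patch.txt), this is one way an initrd script could extract and validate that value before handing it to cryptsetup; the function name cryptodev_from_cmdline and the /dev/disk/by-uuid mapping are assumptions.

```shell
#!/bin/sh
# Added illustration: NOT the boot-cryptodev.sh from cryptodev-patch.txt.
# Parses cryptodev= from a kernel command line and maps it to a device path.

# cryptodev_from_cmdline CMDLINE  (hypothetical helper name)
# Prints the device path on stdout.
# Returns 1 if the option is absent, 2 if its value is not an accepted form.
cryptodev_from_cmdline() {
    value=""
    found=0
    set -f                      # no glob expansion while word-splitting
    for word in $1; do
        case "$word" in
            cryptodev=*) value=${word#cryptodev=}; found=1 ;;  # last one wins
        esac
    done
    set +f
    [ "$found" -eq 1 ] || return 1

    case "$value" in
        UUID=*)
            uuid=${value#UUID=}
            # Hex digits and dashes only, so the value cannot leave by-uuid/.
            case "$uuid" in
                ""|*[!0-9A-Fa-f-]*) return 2 ;;
            esac
            # Assumption: udev exposes the volume under /dev/disk/by-uuid.
            printf '%s\n' "/dev/disk/by-uuid/$uuid"
            ;;
        /dev/*)
            # Reject path traversal and anything outside a conservative set.
            case "$value" in
                *..*|*[!A-Za-z0-9/_.-]*) return 2 ;;
            esac
            printf '%s\n' "$value"
            ;;
        *) return 2 ;;
    esac
}

# Constructed sample command lines using the two forms from the comment.
cryptodev_from_cmdline "root=/dev/system/root cryptodev=/dev/sda3 splash=silent"
cryptodev_from_cmdline "root=/dev/system/root cryptodev=UUID=6dcbae25-48f3-4d1d-a494-d7c8c7af0043"
```

The kernel command line comes from the unencrypted boot partition, so the value is validated before it is used as a device path.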