On Wed, Sep 3, 2014 at 8:04 PM, Carlos E. R. <carlos.e.r@opensuse.org> wrote:
On 2014-09-04 01:37, Bjoern Voigt wrote:
Carlos E. R. wrote:
Opening root and others, with a single password entry, perhaps? That would be nice. Currently with YaST you have to do it with an LVM container. Doing it with plain encrypted partitions is not supported in openSUSE (others do it, AFAIK).

I think it is, or it was until OS 13.1, a limitation of the installer. I already tried to create an encrypted root filesystem without LVM manually. This worked, but it had too many limitations, e.g. no installation or system upgrade with DVD. It would be nice to have this feature in Factory. LVM is OK, but I think it's a bit too much for simple installations on laptops. I think the password problem is not a big one, if all filesystems and SWAP use the same password input.
The password problem has a trick that obviates the need for "something" to capture the password and reuse it for other partitions.
For instance, say you have two partitions, root and home. You add a second password for home, that is entered via file, which is stored on the root partition (the file is actually a small random blob, so impossible to remember). In cryptotab, the home partition is configured to activate via that password file, not by manually entered password.
For your home directory, if you're using ecryptfs encrypted home (I realize it's not the SUSE default, but it's so much more flexible than the current mechanism, which I won't get into here), there's no need for adding a password/phrase in crypttab since it leverages the user's login credentials. Also, your homedir is only mounted when you're logged in; otherwise it's unmounted and the file/dir names are scrambled: ECRYPTFS_FNEK_ENCRYPTED.FWbHk4v2bLqdSESOXJQHdSCncyfrwWsUBmCb5OYX6o54WepiuYHv0EtrQ---
So when root is mounted by entering the password, the file is instantly available and home is also mounted, automatically, by systemd.
I use this for mounting several data partitions in one go. I have not tried with root partition, because as you say, the problem is installation and upgrade.
Cristian Rodríguez wrote:
Yes, dracut is driven by systemd in the initrd.
Did you try Factory and see if it already works? Could you file bug reports if you do not get the documented behaviour?

Ok, I should try Factory.
I can't, yet. But I'm interested :-)
--
Cheers / Saludos,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
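The key-file arrangement described in the thread (a random blob stored on the encrypted root, enrolled as a second key for home and referenced from the crypttab), written out as an added example that is not part of the original messages. The volume name, UUID and key-file path passed to these functions are placeholders chosen by the caller, and the audit step is an addition that checks the key file is readable by its owner only.

```shell
#!/bin/sh
# Added example: unlock a second LUKS volume from a key file kept on the
# already-unlocked root filesystem. All names and paths are placeholders.

# Create a 4096-byte random key file, owner-read-only; never overwrite one.
make_keyfile() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077
      dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null ) || return 1
    chmod 0400 "$1"
}

# Enrol the key file in a free LUKS key slot (needs root). cryptsetup asks
# for an existing passphrase, which stays valid as a manual fallback.
enroll_keyfile() {   # usage: enroll_keyfile /dev/DEVICE /path/to/keyfile
    cryptsetup luksAddKey "$1" "$2"
}

# Emit the crypttab line: volume name, device, key file, options.
crypttab_line() {    # usage: crypttab_line NAME UUID KEYFILE
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# Audit a crypttab: each key file it names must exist and carry no
# group/other permission bits. Returns non-zero if any entry fails.
audit_crypttab() {
    bad=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac          # blank or comment
        case $key in ''|none|-|/dev/*) continue ;; esac  # passphrase prompt or device key
        if [ ! -f "$key" ]; then
            echo "$name: key file $key missing" >&2
            bad=1
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$name: $key is accessible to group/other" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}
```

The key file is only as protected as the filesystem holding it, so it belongs on the encrypted root and not on an unencrypted /boot.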