Hello, on Mittwoch, 13. Oktober 2010, Carlos E. R. wrote:
Using that method, however, during boot the system would ask for the passphrase twice or more: once for the root system (another for /home, if used), and another for swap ⁽¹⁾.
That should be avoidable ;-) Create a file containing the encryption key for /home (and another one for swap) on your root partition (needless to say: restrict access to root only). This file can directly be generated from /dev/random and serve as an *additional* key/password for the partitions - LUKS supports up to 8 (IIRC) keys/passwords per partition. To get you started: cryptsetup luksAddKey /dev/sda1 (handing over the key file is left as exercise to the reader ;-) man crypttab tells you that you can specify the key file in the third column of /etc/crypttab - those partitions can then be decrypted without entering the password at boot. On boot, you'll then only have to type the password for the root partition. (Choose a good password for it, because it will also give access to the other partitions.) For manual mounting of the other partitions, your password will still work. Note: This mail is IMHO and AFAIK - I do not have such a setup and therefore can't guarantee that it works. Regards, Christian Boltz --
[...] if the installation of a stupid package failed, [...] AFAIK there is no package named `stupid'. [> Raphael Schillings and Michael Gross in https://bugzilla.novell.com/show_bug.cgi?id=147588] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org