On 2014-04-02 13:16, Vojtěch Zeisek wrote:
Hello
Dne St 2. dubna 2014 13:02:39, Carlos E. R. napsal(a):
Yes. And as far as I know, there is now way how to keep root only on certain physical device. That is the point. I wonder how this works in brtfs (I don't know much about this FS), as it has LVM functionality build in.
Dunno.
I don't use this setup because I do not like LVM. In that case, the method is having separate partitions instead. Few people have reported using full system encryption without LVM, with separate partitions (I can not locate a current full description of the procedure), and one of the problems mentioned (besides YaST being unable to set it up, and possibly difficulties with system upgrade?), is that the boot system asks the password for each partition, even if they are the same. I believe there is a bug on this. I heard that plymouth can handle that situation, but as I always remove it, I can't say for sure.
I wouldn't expect big issues with such setup, beside need for repeated enter of pass-phrase.
I do not know of an easy way to encrypt the root filesystem right from installation, because YaST will not do it. The method I know is: 1) Install a normal root system, not encrypted, with a separate boot partition, and perhaps an encrypted home partition. The physical disks used are irrelevant, one or twenty. 2) Create a new encrypted partition. 3) Copy the clear root partition files to the deciphered container. 4) Somehow boot that encrypted root partition. I'm stuck on (4). Once this is done, I do not know if the system will be upgradeable, or the entire procedure will have to be repeated. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)