Hello Dne St 2. dubna 2014 13:02:39, Carlos E. R. napsal(a):
On 2014-04-02 12:00, Vojtěch Zeisek wrote:
Hello, I'm used to use encrypted root (using LVM containing root and swap) on my notebook. I just added mSATA disk to it, so that I'd like to have / on mSATA SSD and /home on older slower HDD. And I wish it encrypted. So how to do it? If I use LVM, all data would be everywhere, but I wish system on SSD and my data on HDD. If I'd create two or more separated encrypted partitions, I'd have to enter more passwords during startup, which is bit uncomfortable. Is there any other solution?
Interesting problem.
The method used by YaST, which is understood properly by the system, is one single encrypted partition, visible on /dev/mapper/, which has inside one LVM space (sorry, I'm not conversant with the correct LVM terminology), and inside that LVM, you find out the three traditional "partitions": root, home, swap. You get prompted for the password just once because there is really only one encrypted partition.
Yes. And as far as I know, there is now way how to keep root only on certain physical device. That is the point. I wonder how this works in brtfs (I don't know much about this FS), as it has LVM functionality build in.
I don't use this setup because I do not like LVM. In that case, the method is having separate partitions instead. Few people have reported using full system encryption without LVM, with separate partitions (I can not locate a current full description of the procedure), and one of the problems mentioned (besides YaST being unable to set it up, and possibly difficulties with system upgrade?), is that the boot system asks the password for each partition, even if they are the same. I believe there is a bug on this. I heard that plymouth can handle that situation, but as I always remove it, I can't say for sure.
I wouldn't expect big issues with such setup, beside need for repeated enter of pass-phrase.
I don't know if this helps you. As I see it, you have to set this up yourself, without LVM.
I also don't know better solution so far... Vojtěch -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux http://www.opensuse.org/ http://trapa.cz/