Am looking at this for Fedora 15. Three existing encrypted partitions, all on /dev/vda: /dev/vda2 (/vda3, vda4), all on an LVM; /dev/vda1 = /boot, not LUKS. This is a KVM guest with a 31 GB raw storage format, using KVM Virt-manager to connect if DE is required. Using serial console, I'm finding it a pain to keep entering the LUKS p\w. Can your article be used with existing /dev/mapper device(s)? I'm guessing I would put the keyfile on /boot, as any hacker would still need to unlock the "host box".
/boot is not encrypted. You need to put it somewhere else. What I did is put it in /root, because I don't mount /root on a separate partition, so it gets unlocked with "/" during the boot-up process. But once that is unlocked, you can set it to auto-unlock everything else.
/dev/mapper/luks-f9034624-98d6-4987-a2bc-b9614f0304a4 / ext4 defaults 1 1 Here's an existing /etc/fstab entry. Where on the entry would I place "/root/key-file"?
(1) The method on how a drive gets unlocked belongs to crypttab and not fstab. (2) As said, "/" can't be auto-unlocked... that would kinda defeat the whole purpose.
Apologies, you are correct: sudo nano /etc/crypttab. I was using / as an example from /etc/fstab. So do I just copy the other LUKS /etc/fstab entries to /etc/crypttab, and they are in a similar /dev/mapper/some_alphanumeric_string?
Did you actually have a look here? http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
Yes, but I have problems with logic at times, possibly due to dyslexia. I am starting at Step 5, trying to work back to Step 4; Steps 1-3 are done.
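Added example, not part of any post in this thread: a small check of crypttab-format text that reflects the two points made in the replies above, namely that key files are configured in crypttab (third field, per crypttab(5)) and that a key file under the unencrypted /boot is readable by anyone with the disk image. The function name, the sample entries and the placeholder UUIDs are constructed for illustration.

```shell
#!/bin/bash
# Field layout per crypttab(5): <name> <device> <key file> <options>

# Constructed sample; names and UUIDs are placeholders, not values from the thread.
SAMPLE_CRYPTTAB='# name  device  keyfile  options
luks-root UUID=00000000-0000-0000-0000-000000000001 none luks
luks-home UUID=00000000-0000-0000-0000-000000000002 /root/key-file luks
luks-data UUID=00000000-0000-0000-0000-000000000003 /boot/key-file luks'

# audit_crypttab TEXT [UNENCRYPTED_DIR]   (hypothetical helper)
# Prints one "<name> <verdict>" line per entry:
#   PASSPHRASE - no key file; the volume prompts at boot
#   EXPOSED    - key file sits under the unencrypted directory (default /boot)
#   KEYFILE    - key file elsewhere; only as safe as the filesystem holding it,
#                which must itself be unlocked first (e.g. an encrypted "/")
audit_crypttab() {
    text=$1
    plain=${2:-/boot}
    printf '%s\n' "$text" | while read -r name device key options; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        case ${key:-none} in
            none|-)              echo "$name PASSPHRASE" ;;
            "$plain"|"$plain"/*) echo "$name EXPOSED" ;;
            *)                   echo "$name KEYFILE" ;;
        esac
    done
}

# Demo on the constructed sample. To check a real system instead, run:
#   audit_crypttab "$(cat /etc/crypttab)"
audit_crypttab "$SAMPLE_CRYPTTAB"
```

An entry reported as KEYFILE still needs the key file itself restricted to root, for example owner root and mode 0400.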