
Re: [Xen-users] Automating boot of Ubuntu on encrypted LVM?

>>> use one encrypted partition, holding a VG, holding an LV for each of 
>>> the dom0 & domU roots.  The dom0 /boot sits in a normal partition.  
>>> The passphrase is requested once on boot of the dom0.
>> What you're describing is, in fact, the way my domU is currently set 
>> up.
> It must not be, because if I set up a system as I described, I'm 
> prompted for the passphrase only once.  No need to enter the (same) 
> passphrase again when the domU boots.

Oh, wait a minute, I think I see what you're saying -- and it isn't what
I'm doing after all.  Sorry I was confused earlier when I first read
your message.

In my setup, the dom0 is unencrypted and boots normally, without requiring
any password.  It's the domU that requires a password to complete the boot.

I'm not willing to encrypt my dom0 because if the hardware does a reboot
while I'm away, I want/need to be able to SSH into it in order to start
up the domU (and, eventually, multiple domUs).  That wouldn't be possible
if the dom0 required hands-on entry of a passphrase to finish booting.

What I want is a way to encrypt my domU's root partition, but avoid
needing to type in a decryption passphrase by having said passphrase
supplied via a file on the dom0.  I'll take care of safeguarding the
boot passphrase(s) by storing the file(s) in my ecryptfs-encrypted home
directory on the dom0.

Rich Wales
