Re: [Xen-users] Automating boot of Ubuntu on encrypted LVM?
Sorry for the delay in getting back to people on this.

My main security worry is the possibility that the server (in my home) might be stolen by thieves. I'm taking measures to secure the box physically, of course, but in the event someone manages to make off with the hardware, I want to make it very difficult for even a skilled hacker to get at my data.

My original idea (automatic decryption of a domU's main partition via a key file passed to the domU at creation time) should be doable by making changes to the domU's /etc/crypttab file (then doing update-initramfs on the domU). The key file would reside in my home directory on the dom0, which is encrypted using ecryptfs; thus, no one would be able to start the domU or make any sense of the data in its LVM partition unless I had first logged in to my account on the dom0 -- but once I had logged in, I could create the domU and it would launch without further manual intervention.

The following article may be helpful for inspiration (though it doesn't talk specifically about using Xen):

http://askubuntu.com/questions/59487/how-to-configure-lvm-luks-to-autodecrypt-partition

Since it would be very easy to mess things up badly by making a mistake here, I'm going to wait until I have a lot of spare time to do this; in the meantime, I'll continue to type a passphrase by hand whenever the domU is started or restarted.

Rich Wales
richw@xxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
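One way to enforce, on the dom0 side, the property described in the message above (added example, not part of the original message): a preflight check that refuses to proceed unless the key file sits on the expected filesystem (ecryptfs in the setup described) with owner-only permissions. The function names, return codes and paths are assumptions, and it relies on GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: dom0 preflight check before a key file is used for a domU.
# Assumptions: GNU coreutils stat; all names and paths here are hypothetical.

# fs_type PATH: print the type of the filesystem holding PATH (e.g. ecryptfs).
fs_type() {
    stat -f -c %T -- "$1"
}

# check_keyfile PATH REQUIRED_FSTYPE
# Returns 0 only when the key file is fit to use. Otherwise:
#   1 = missing, not a regular file, or a symlink
#   2 = empty file
#   3 = any permission bit set for group or other
#   4 = not owned by the calling user
#   5 = stored on a filesystem other than the required one
check_keyfile() {
    key=$1
    want_fs=$2
    [ -f "$key" ] && [ ! -L "$key" ] || return 1
    [ -s "$key" ] || return 2
    mode=$(stat -c %a -- "$key")
    case $mode in
        *00) ;;             # e.g. 400 or 600: owner-only access
        *)   return 3 ;;
    esac
    [ "$(stat -c %u -- "$key")" = "$(id -u)" ] || return 4
    # With the encrypted home unmounted the path normally does not exist
    # (code 1); code 5 catches a key copied to an unencrypted location.
    [ "$(fs_type "$key")" = "$want_fs" ] || return 5
    return 0
}

# Hypothetical usage on the dom0, with placeholder paths:
#   check_keyfile "$HOME/xen-keys/domu.key" ecryptfs && xl create /etc/xen/domu.cfg
```

The check only gates startup on the dom0; how the key reaches the domU's initramfs is left to the crypttab changes the message describes.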