Sabayon Community

[sarno]

I have deicided encrypt the whole file system but how i can do it without LVM? My problem is that i have to type my password three/four times (depending on partition layout) so do i have to use LVM if i want type my password only once?

LVM don't have any benefits for me becauce i'm using one hard disk setup and it would only add complexity of recovering things if something goes wrong. (hard disk fault, bad sectors, data corrupting, etc)

[batvink]

hello Sarno,
if you must type your password several times,
that's because you set it up that way.
The default LVM setup with encryption, only encrypts the Physical Volume (LVM)

Within the Physical Volume you add Volume Groups, and finally create mount points.
Now, for each created mount point, you have the availability to encrypt it.
This way, (especially for paranoid users ) encrypted systems can have several passwords.
at boottime, you will be asked for those passwords, otherwise the system won't boot.
And i believe that this is what happened in your case., i think that you encrypted your mount points.
you can see it in the picture below: only the Physical volume has a Lock-icon,
the mount points stays un-encrypted, because they already excist in a encrypted Volume.

[sarno]

Hello batvink

Thanks for very comphrensice quide to encrypting filesystem with LVM

however my original question was "how to encrypt whole filesystem without LVM and type password only once?".
I know that one time password typing can be achieved with LVM logical volume partitions if i want encrypt three partitions.

I have been thinking solution like: " in booting it ask /root partition password -> when typed correctly it would open my /home partition and it would open swap partition etc."

I'm just wondering is above-mentioned even possible? Is LVM my only choice?

I have been thinking partition layout like:

/dev/sda1 (windows system)
/dev/sda2 (ntfs storage)
/dev/sda3 ( /boot )
/dev/sda5 ( /root ) this i want to encrypt.
/dev/sda6 ( /home ) this i want to encrypt.
/dev/sda7 ( /swap ) this i want to encrypt.

Sorry if there was misunderstanding because it has been an several years when i studied english.

[batvink]

i don't see a extended/logical partition?
MBR drives can have max. 4 primary partitions.
what you want can only be done with GPT (Guid Partition Table)

but back to your question:
you can encrypt filesystems without using LVM.
this can be achieved using LUKS.
But to be honest, i don't know how that can be done with sabayon,
you can find a lot about it on the internet.
i found one for you on a ubuntu forum:
http://ubuntuforums.org/showthread.php?t=1356925
Sorry, but i can't help you further, maybe another member of this forum.
good luck.

[catinthebox]

I had an idea to store the encryption keyfiles for the other partitions ON the root partition, so you shove in the root password and then the instructions for mounting the other partitions in /etc/conf.d/dmcrypt will point to a keyfile stored on the previously unlocked partition. Though that then means that you have a plaintext file of your encryption keyphrases on your disk. You could do it like you put the key on a USB and then you encrypt the USB and if theres functionality to decrypt a keyfile before using the key that'd work. That way it'd read it needs a keyfile to unlock your shit, itd point at your USB key or key stored on a separate and encrypted key partition, and then you type that password and it knows how to unloack everything. The goal is that the key gets locked back up after you boot so its not just sitting there.