LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-28-2011, 12:30 AM   #1
Nemus
Member
 
Registered: Apr 2007
Distribution: Fedora/Ubuntu
Posts: 60

Rep: Reputation: 15
LVM before and after Encryption?


so I am trying to setup an encrypted lvm

I ran into the issue where I encrypted the file systems setup the LVM formatted the file system mounted just fine
rebooted to test it.

after the reboot I was able to open the encrypted file system but wasn't able to mount the lvm because /dev/lvm/volume didn't exist but lvscan did show the volume group and the volume.

So my question is which comes first the encryption of the lvm ?

should I setup a lvm then encrypt that or setup a encrypted volume then the lvm?

I am running Centos 5.5
 
Old 03-28-2011, 08:30 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
RHEL's (extended to CentOS) default configuration is:
partition -> LUKS encryption -> pv -> vg -> lv -> fs

but there isn't necessarily any reason that you can not technically:
partition -> pv -> vg -> lv -> LUKS encryption -> fs



I'm having difficulty understanding what the exact process you followed is because of the ambiguous use of terms... If you care to clarify or walk through step-by-step the process (with command examples) you followed, I'll attempt to better answer [re-phrased] questions you have.



 
1 members found this post helpful.
Old 03-29-2011, 08:35 AM   #3
manyrootsofallevil
Member
 
Registered: Dec 2010
Distribution: Red Hat, Kubuntu
Posts: 130

Rep: Reputation: 14
Quote:
Originally Posted by Nemus View Post
so I am trying to setup an encrypted lvm

I ran into the issue where I encrypted the file systems setup the LVM formatted the file system mounted just fine
rebooted to test it.

after the reboot I was able to open the encrypted file system but wasn't able to mount the lvm because /dev/lvm/volume didn't exist but lvscan did show the volume group and the volume.

So my question is which comes first the encryption of the lvm ?

should I setup a lvm then encrypt that or setup a encrypted volume then the lvm?

I am running Centos 5.5
You should be able to mount it by using /dev/mapper/luksname

e.g. I named my luks encrypted LV lukslv (I know, I know, such boundless creativity should be channelled towards writing books or something).

I can mount it, to a directory called /lukstest, by typing
Code:
mount /dev/mapper/lukslv /lukstest
In /etc/crypttab, you need the following, in my case:

Code:
lukslv /dev/vol1/lv4 none
where /dev/vol1/lv4 is the original LV

If you have forgotten the name, you can get the name by using blkid. Somewhat confusingly, you want to use the entry whose type is NOT crypto_LUKS
Code:
/dev/mapper/vol1-lv4: UUID="0714a501-ba01-4eb1-be77-690427c8eef8" TYPE="crypto_LUKS"
/dev/mapper/lukslv: UUID="b135d367-ece1-489c-b34f-a0bd6d874199" TYPE="ext4"
Hope this helps.

Last edited by manyrootsofallevil; 03-29-2011 at 08:40 AM.
 
1 members found this post helpful.
Old 03-29-2011, 10:12 AM   #4
Nemus
Member
 
Registered: Apr 2007
Distribution: Fedora/Ubuntu
Posts: 60

Original Poster
Rep: Reputation: 15
Issue

so I setup a partition like this
partition -> LUKS encryption -> pv -> vg -> lv -> fs

but after do the cryptsetup luksOPen /dev/sdwhatever whatever and do a lvscan I can see the lvm (vg) but /dev/vg/whatever doesn't exist in /dev

so I went to this model.
partition -> pv -> vg -> lv -> LUKS encryption -> fs

so I am just wondering if there is something I would need to do make the file system see the vg after I've mounted the encrpyted drive.
 
  


Reply

Tags
cryptsetup, lvm


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How secure LUKS/LVM disk encryption really is? <Ol>Origy Linux - Security 14 03-09-2009 12:09 PM
LVM + Encryption + Custom Kernel sparker Slackware 2 08-05-2008 04:47 PM
Alternate CD LVM Encryption Install scrappydoo Ubuntu 0 07-16-2008 06:36 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM


All times are GMT -5. The time now is 05:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration