-   Suse/Novell (
-   -   Encrypted root with LUKS on LVM and RAID-1: How? (

gargamel 04-15-2009 05:21 PM

Encrypted root with LUKS on LVM and RAID-1: How?
Dear all,

OpenSuSE 11.1 is by far the best SuSE version in a long time. It's generally up to competition or ahead of it. It's admirable, how thoughtful this system is set up, and how clean and fast it is compared to its predecessors. It ssems, that SuSE is fighting its way back to where they came from before the Novell "merger."

Having said that, it is even harder to understand, IMHO, why the installer doesn't support encrypted root partitions. Of course, there is a manual solution:

However, this HOW-TO doesn't explain how to combine LUKS encryption with LVM on a RAID-1 system, as described for Slackware 12.2 here:

Is there a similar guide anywhere available for OpenSuSE 11.1?
I'd appreciate, if you could point me there, then.

If not: Would it be possible to do all the low-level setup work, like partitioning, setting up the logical volumes and encrypting everything, with Slackware, following the document above, and then install OpenSuSE 11.1 on that system? Would that work???



gargamel 04-17-2009 01:33 PM

Maybe my original post is simply a bit too long, although my question is certainly not trivial. But I try to put it simpler and shorter:

How can I set up a fully encrypted OpenSUSE 11.1 install on a software RAID-1 system with two hard discs using LVM?

In other words: What are the exact steps for formatting, partitioning, setting up RAID-1, encrypting and creating and activation logical volumes using a combination of software RAID-1, LVM and LUKS?

Thanks for your help!


gargamel 04-20-2009 03:59 PM

Nobody done this before? Really?
Well, then maybe someone can answer me the following question.

Would it work, if I would to the basic setup, ie formatting, setting up RAID-1 and LVM and LUKS encryption with Slackware 12.2 32-bits and then install OpenSuSE? Would the installer recognize the encrypted volumes on the software RAID-1?



ichrispa 08-04-2009 04:57 PM

ok, I guess this out of date but I'll answer anyway.

the process of creating an encrypted root fs is essentially the same whether you use raid or not. when you create the new initrd, include the futures "lvm dm luks raid". This should suffice to get it running.

ichrispa 08-04-2009 04:58 PM

btw, if you are still working on this, I can go into more details. no point writing two pages for a project that has been given up.

gargamel 03-20-2010 05:30 PM

Yeah, I had given up on this with SuSE 11.1. But I'd give OpenSUSE 11.2 a try, I only I knew, how.

What I would do is described here:

Has anyone done this with OpenSUSE 11.2? How?

I set up a machine following this How-To, and would use the created partitioning and LV scheme for OpenSUSE 11.2. But somehow, YaST on the one hand correctly displays, which devices and partitions are under LVM control, and which ones are encrypted, but then fails to ask me for the LUKS passphrase. Also, it doesn not allow me to encrypt my RAID-1 array. In only allows me to encrypt an LV or a volume group.

Or do I get something wrong, here?
Thanks in advance!


All times are GMT -5. The time now is 03:07 AM.