Installing DragonFly 6.2.2 with LUKS/LVM
karu.pruun
karu.pruun at gmail.com
Fri Aug 12 06:50:16 PDT 2022
Hello
Regarding udevd, you have to enable it in /etc/rc.conf
--- /etc/rc.conf ---
udevd_enable="YES"
---
then 'service udevd start' and stop etc work as expected.
Best
Peeter
--
On Fri, Aug 12, 2022 at 4:02 PM Udo Z <cantaro at gmail.com> wrote:
>
> Hi Volodymyr and everyone,
>
> > 1. I don't think hibernation is supported right now.
>
> Thanks for the info.
>
> > 2. You can easily use your swap partition as encrypted with:
> >
> > /dev/something none swap sw,crypt 0 0
> >
> > This will create oneshot mapped encrypted device.
>
> Unfortunately a one-shot encrypted swap is not helpful in case a crash dump needs to be gathered.
>
> I played around with the installer image some more, and found the following:
>
> * Starting things as a service, e.g. `service udevd start`, does not work but simply running `udevd` does.
>
> * After this I was able to create a PV and VG but got errors when creating LVs; turns out I needed to load some modules first:
>
> kldload dm_target_striped
> kldload dm_target_linear
>
> * However, even then creating LVs failed because the device nodes were not being created. After addnig parameter `--driverloaded n` to the lvcreate commands, they succeeded but the LVs were still not created.
>
> * Running `disklabel64` or `disklabel32` on the DM device did not core dump anymore but produced an error:
>
> # disklabel64 /dev/mapper/dfly0
> disklabel64: Inappropriate ioctl for device
>
> So I gave up on subdividing a crypt container, and set up the following instead:
>
> * GPT partitioning with an ESP and a DragonFly disklabel64 partition
> * Boot partition (a) unencrypted, swap (b) encrypted, and root (d) encrypted separately
> * /etc/crypttab to unlock swap with a key saved on the root partition
>
> This works, and finally I have a system where most important info is encrypted, even if the exposed loader with all its modules still provides a lot of potential attack surface. For thwarting an oppostunistic data thief it will do.
>
> Best regards,
> Udo
More information about the Users
mailing list