Installing DragonFly 6.2.2 with LUKS/LVM
Udo Z
cantaro at gmail.com
Fri Aug 12 06:01:32 PDT 2022
Hi Volodymyr and everyone,
> 1. I don't think hibernation is supported right now.
Thanks for the info.
> 2. You can easily use your swap partition as encrypted with:
>
> /dev/something none swap sw,crypt 0 0
>
> This will create oneshot mapped encrypted device.
Unfortunately a one-shot encrypted swap is not helpful in case a crash dump
needs to be gathered.
I played around with the installer image some more, and found the following:
* Starting things as a service, e.g. `service udevd start`, does not work
  but simply running `udevd` does.
* After this I was able to create a PV and VG but got errors when creating
  LVs; turns out I needed to load some modules first:
      kldload dm_target_striped
      kldload dm_target_linear
* However, even then creating LVs failed because the device nodes were not
  being created. After adding parameter `--driverloaded n` to the lvcreate
  commands, they succeeded but the LVs were still not created.
* Running `disklabel64` or `disklabel32` on the DM device did not core dump
  anymore but produced an error:
      # disklabel64 /dev/mapper/dfly0
      disklabel64: Inappropriate ioctl for device
So I gave up on subdividing a crypt container, and set up the following
instead:
* GPT partitioning with an ESP and a DragonFly disklabel64 partition
* Boot partition (a) unencrypted, swap (b) encrypted, and root (d)
  encrypted separately
* /etc/crypttab to unlock swap with a key saved on the root partition
This works, and finally I have a system where most important info is
encrypted, even if the exposed loader with all its modules still provides a
lot of potential attack surface. For thwarting an opportunistic data thief
it will do.
Best regards,
Udo
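
An added example, not part of the message above: a shell check for the arrangement it describes, where /etc/crypttab unlocks swap with a key file kept on the encrypted root. It assumes a four-field crypttab line (name, device, key file, options); the function name, paths and device names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumed crypttab line: <name> <device> <keyfile|none> <options>
# audit_crypttab <crypttab> <unencrypted-prefix>
# Prints one finding per line; returns 0 when clean, 1 when something is flagged.
audit_crypttab() {
    tab=$1; clear_prefix=$2; rc=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac   # blank line or comment
        case $key in ''|none) continue ;; esac    # passphrase prompt, no key file
        if [ ! -f "$key" ]; then
            echo "$name: key file $key not found"; rc=1; continue
        fi
        # A key kept on the unencrypted boot file system protects nothing.
        case $key in
            "$clear_prefix"/*)
                echo "$name: key file $key is on unencrypted $clear_prefix"; rc=1 ;;
        esac
        # Characters 5-10 of the ls -l mode string are the group/other bits.
        perms=$(ls -ldL "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$name: key file $key is accessible to group/other"; rc=1
        fi
    done < "$tab"
    return "$rc"
}

# Constructed demo: a throwaway tree standing in for /boot and the encrypted root.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/ctab.XXXXXX") || return 1
    mkdir -p "$d/boot" "$d/root"
    : > "$d/boot/swap.key"; chmod 600 "$d/boot/swap.key"
    : > "$d/root/swap.key"; chmod 644 "$d/root/swap.key"
    {
        echo "# constructed sample, placeholder device names"
        echo "swap_a /dev/PLACEHOLDER_b $d/boot/swap.key none"
        echo "swap_b /dev/PLACEHOLDER_b $d/root/swap.key none"
    } > "$d/crypttab"
    audit_crypttab "$d/crypttab" "$d/boot" || true
    rm -rf "$d"
}
demo
```

On an installed system the call would be `audit_crypttab /etc/crypttab /boot`, assuming the unencrypted boot partition is mounted at /boot.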