Hey, I have to make a file system with an encrypted partition on Ubuntu server. Something like:

Unencrypted:
/ - 10 GB
/home - 10GB
/var - 5GB
--------------
Encrypted:
/opt - 50GB

This I can figure out in the setup: just partition as normal, set up /opt as an encrypted volume with dm-crypt. However, I'm not sure how to mirror this entire drive, so that if either failed I could still boot, and how that will affect the encrypted partition.

Any help would be appreciated.

Flamewires

1 Answer

The easiest way to do this is during the installation of the system.

Set up your two drives like this.

/dev/part1   ~200MB            fd  Linux raid autodetect
/dev/part2   EverythingElse    fd  Linux raid autodetect

Set up two software RAID1 volumes: one containing the first partition from both drives, call that MD0, and the second containing the second partition, call that MD1.

Set up a filesystem on MD0; the mount point for that will be /boot. Set up MD1 to be a dm-crypt volume. Set up the dm-crypt volume for an LVM volume group. Create any partitions you want in your LVM volume group. Everything in the LVM will be encrypted.

Zoredache
  • Alright, however, since I want the OS unencrypted, save for the storage partition, would it be okay to do an MD0 raid of the 2 drives, LVM that into /, /boot, /home, and an encrypted volume, and then format that encrypted volume as /opt? Mainly, is there a problem having /boot in an LVM volume? Also, Ubuntu complains that it wants an encrypted swap space, so now would I need MD0 raid of the 2 devices, LVM that into /, /boot, /home, and 2 encrypted volumes (ENC) /opt (ENC) swap? – Flamewires Jan 12 '11 at 06:57
  • /boot cannot exist on LVM. Swap should be encrypted, or people will just retrieve your encrypted stuff from the swap file. – Zoredache Jan 12 '11 at 08:18
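
The layout from the answer and its comments (two RAID1 pairs, /boot outside LVM, swap inside the encrypted volume), written out as a dry-run shell plan. This is an added example, not part of the original thread. Assumptions: the disks are /dev/sda and /dev/sdb and are already partitioned as shown in the answer; the names md1_crypt and vg0, the LV names, ext4 and the 2G swap size are constructed (the 10G and 50G sizes come from the question); commands are only printed unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: dry-run plan for the RAID1 + dm-crypt + LVM layout above.
# Assumed/constructed names: md1_crypt, vg0, LV names and sizes, ext4.
# Partition 1 (~200MB) and partition 2 (rest), type fd, must already exist.

# Print each command by default; execute it only when DRY_RUN=0 (as root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Partition device name: /dev/sda,1 -> /dev/sda1; /dev/nvme0n1,1 -> /dev/nvme0n1p1
part() {
    case "$1" in
        *[0-9]) echo "${1}p$2" ;;
        *)      echo "${1}$2" ;;
    esac
}

build_layout() {
    a=$1
    b=$2
    if [ -z "$a" ] || [ -z "$b" ] || [ "$a" = "$b" ]; then
        echo "need two different disks" >&2
        return 1
    fi
    # RAID1 pairs: md0 from the first partitions, md1 from the second.
    run mdadm --create /dev/md0 --level=1 --raid-devices=2 "$(part "$a" 1)" "$(part "$b" 1)"
    run mdadm --create /dev/md1 --level=1 --raid-devices=2 "$(part "$a" 2)" "$(part "$b" 2)"
    # /boot is a plain filesystem on md0: not LVM, not encrypted.
    run mkfs.ext4 /dev/md0
    # dm-crypt (LUKS) sits on top of the mirror, so both disks hold the same ciphertext.
    run cryptsetup luksFormat /dev/md1
    run cryptsetup open /dev/md1 md1_crypt
    # LVM lives inside the encrypted mapping: every LV, swap included, is encrypted.
    run pvcreate /dev/mapper/md1_crypt
    run vgcreate vg0 /dev/mapper/md1_crypt
    run lvcreate -L 10G -n root vg0
    run lvcreate -L 2G -n swap vg0
    run lvcreate -L 50G -n opt vg0
    run mkswap /dev/vg0/swap
}

build_layout "${1:-/dev/sda}" "${2:-/dev/sdb}"
```

For either disk to boot on its own, the boot loader also has to be installed on both disks once the system is in place; this plan stops at the storage layout.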