Re: raid1 with loop-aes
But why should one write:

    losetup -d /dev/loop1
    mount -t ext3 /dev/md0 /mnt -o loop=/dev/loop1,encryption=AES128,gpgkey=/etc/foo.gpg

instead of just:

    mount /dev/loop1 /mnt

?

********************

Here I'll provide some information about how I set up my raid1 array for data storage:

1. create 2 partitions of equal size (looks like it can be a little different) on separate disks
2. install mdadm and execute these commands:

    mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hda2 /dev/hdb4
    # if that makes an error, probably there was no /dev/md0 (use mknod)!
    # after this command the kernel synchronises both disks. To watch progress, execute "watch -n 1 cat /proc/mdstat"
    # I don't know how safe it is to proceed before synchronising is complete.

    losetup -e AES128 -K /etc/foo.gpg /dev/loop1 /dev/md0
    mkfs -t ext2 /dev/loop1
    # if you want to write some information, mount /dev/loop1 and do it here!
    losetup -d /dev/loop1

3. To make usage of encrypted raid1 convenient, I updated my gentoo's init scripts:

a) in checkroot init script after root partition has been checked insert

    ebegin "Starting multi disk array"
    /sbin/mdadm -A /dev/md0 /dev/hda2 /dev/hdb4
    echo "20+ character password" | losetup -p 0 -e AES128 -K /etc/foo.gpg /dev/loop1 /dev/md0
    eend $?
    # use chmod to make file readable only to root
    # these lines could be inserted anywhere else before filesystems in /etc/fstab are mounted (but make sure that they will be executed!)

b) update /etc/fstab:

    /dev/loop1 /mountpoint ext2 defaults 0 2

c) reboot to see if everything works ok!

********************

How big a vulnerability is that password written in the init file?

--
Jan

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
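
A check for the exposure asked about in the message above, added here as an example and not part of the original post: it flags boot-script lines that pipe a literal passphrase into `losetup -p 0` and reports whether that file is readable by group or others. The function names, finding labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a boot script for a
# passphrase piped into "losetup -p 0" and for read access beyond the owner.

# Write a constructed sample modelled on the init-script lines in the post.
make_sample() {
    cat > "$1" <<'EOF'
ebegin "Starting multi disk array"
/sbin/mdadm -A /dev/md0 /dev/hda2 /dev/hdb4
echo "constructed-sample-passphrase" | losetup -p 0 -e AES128 -K /etc/foo.gpg /dev/loop1 /dev/md0
eend $?
EOF
}

# Print one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
# Only line numbers are reported, so the secret itself never reaches a log.
audit_boot_script() {
    f=$1
    findings=0
    [ -f "$f" ] || { echo "ERROR: $f is not a regular file"; return 2; }

    # Uncommented lines where echo/printf feeds losetup's stdin (-p 0).
    pat='^[^#]*(echo|printf)[[:space:]].*\|[[:space:]]*[^[:space:]|]*losetup[[:space:]].*-p[[:space:]]*0'
    hits=$(grep -nE "$pat" "$f" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$hits" ]; then
        echo "PASSPHRASE_IN_FILE: lines ${hits% }"
        findings=1
        # An embedded secret is only as private as the file's mode bits.
        perms=$(ls -ld -- "$f" | cut -c1-10)
        case $perms in
            ????r*)    echo "GROUP_READABLE: $perms" ;;
        esac
        case $perms in
            ???????r*) echo "WORLD_READABLE: $perms" ;;
        esac
    fi
    return $findings
}
```

Call `audit_boot_script` with the path of the edited init script. A file at mode 600 still yields `PASSPHRASE_IN_FILE`, because the passphrase remains readable to root and to anything that copies the file, such as backups.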