Skip to main content

Posts

Featured

Setting up RAID on encrypted (LUKS) LVM and decrypting at boot

I have used RAID using LVM as well as LVM-on-LUKS for years, and now I wanted to combine the two: set up two encrypted containers in a simple raid1 array. However, there were some unexpected niggles along the way. Here I document how I set up the system on Debian. My starting point was a system whose root filesystem was alreadt  logical volume (LV) on top of an encrypted block device (PV), but you can use the steps here to set things up from scratch. Assume that the volume group (VG) is called Main , the LV is named root , and there's an extra block device, /dev/sdb2 that we want to use as an encrypted mirror of root. First set up an encrypted block device on top of sdb2:  cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1 Then add a new entry to /etc/crypttab  so this volume would be decrypted at boot, for example: sdb2_crypt UUID=... none luks,discard,initramfs You can get the UUID from e.g. ls -l /dev/disk/by-uuid . Using an UUID should protect against hardware or boo

Latest Posts

OpenSCAD precompiler in Python

3D printing without support at 45 degrees

HyperGeometry: First render of a 4D tree

HyperGeometry: Processing degenerate bodies by breaking them down and inflating them with random vectors

Use missing functions in Snowpark

Provably correct synchronisation in near linear time

Synchronizing Many Filesystems in Near Linear Time

Data Synchronization: A Complete Theoretical Solution for Filesystems

Linear and Logistic Regressions as Degenerate Neural Networks in Keras

Interpreting Neural Networks by Reducing Nonlinearities during Training