Multiple encrypted LVM volumes with one password

Question

I found a similar question here but it's only partially connected with my question. Currently I have one primary /boot partition and a single LVG1 group with 2 logical encrypted volumes - LV1 and LV2. LV1 is being mounted as /, and LV2 is being mounted as swap.

Everything works great, grub boots the kernel and I'm being asked for a password. After entering right password rest of the system boots properly. However as you may guess I have a quite long password and I need to enter this password twice for / and swap (LV1 & LV2). In general I'd like to enter such password only once because if I successfully decrypted / then there's no point of having seperate password just for swap partition. Is this possible with current setup? I'm looking for some kind of a script or a solution to somehow check if previous LVM volume has been decrypted successfully and if it did then try to decrypt next volume with the same password and if it fails ask for new one. I've been searching for at least an hour using different sites without success and I'm not even sure if it's possible with only a ramdisk, kernel and unencrypted /boot partition.

Thanks.

Answer 1

Instead of setting up encryption separately for each logical volume you shoul create a single physical volume and setup encryption there. Afterwards you should mark encrypted volume as a physical volume for LVM and create inside that encrypted volume LVG1 group with two unencrypted volumes: LV1 and LV2. This way you will hide even a structure of your partitions behind of encryption.

LVM2 allows spanning volume group space to several physical devise. So, this way you are able to have single password for single volume group stretched to many devise. But in this case you probably will have an issues if one of the devise will failed all your partitions will be probably lost. I'm not fully sure about my last sentence and you need to make detail investigation if you interested, but it's likely true.