
Re: LVM + LV encryption



On Mon, 2007-11-19 at 11:36 +0100, Frans Pop wrote:
> On Friday 16 November 2007, Ross Boylan wrote:
> > 1. The development version of the installation guide at
> > http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#di-partition in
> > section 6.3.2.1 only discusses the case in which you selected encrypted
> > LVM, apparently applying to the whole volume.  E.g., "When using LVM or
> > encrypted LVM, the installer will create most partitions inside one big
> > partition"
> 
> That not is after a sentence that starts "If you choose guided partitioning, 
I assume you mean "that note"
> [...]". You can set up other schemes using manual partitioning.
The discussion of manual partitioning in 6.3.2.1 only mentions LVM and
encryption as alternatives, and only talks about free space and
partitions.  Mostly it is silent about the layering involved in LVM
logical volumes.
> 
> > 2. Although early discussion says "First you will be given the
> > opportunity to automatically partition either an entire drive, or
> > available free space on a drive," the later discussion of guided
> > partitions sounds as if it will wipe out the whole drive: "When using
> > encrypted LVM, the installer will also automatically erase the disk by
> > writing random data to it"; "If you choose guided partitioning using LVM
> > or encrypted LVM, some changes in the partition table will need to be
> > written to the selected disk while LVM is being set up. These changes
> > effectively erase all data that is currently on the selected hard disk"
> >
> > I read this as saying any use of LVM with guided partitioning will wipe
> > out everything on the disk; I hope that is not what really happens.
> 
> If you use unencrypted LVM, the disk will not be physically wiped, but data 
> will still become effectively erased as the old partition table is lost 
> early in the process.
> If you use guided partitioning to set up encrypted LVM, the data will also 
> be physically wiped.
Doesn't the data loss only affect the "physical volumes" (in LVM terms)
that are part of the "volume group"?  I hope that when the new partition
table is written the old partitions will be preserved.

For example, if you have a disk with a partition with another OS on it
and free space, and you turn the free space into an LVM volume group,
isn't the partition with the other OS left OK, along with the
corresponding entry in the partition table?
> 
> > 3. The discussion of manual partitioning later in 6.3.2.1 has nothing
> > indicating partial encryption is possible with LVM.
> 
> 6.3.2.4 has a general description of setting up encrypted volumes and IMO 
> indicates clearly enough that this can be done for any partition and even 
> includes the sentence "Another option is to choose an existing partition 
> (e.g. a regular partition, an LVM logical volume or a RAID volume)."
> 
> > 4. Section 6.3.2.4 says "In the Partition settings menu, you need to
> > select physical volume for encryption at the Use as: option."  In LVM
> > "physical volume" differs from "logical volume."  I want to encrypt the
> > latter.  The (development) graphical installer itself used the "physical
> > volume" terminology.
> 
> I agree that the use of "physical volume" can be somewhat confusing. We'll 
> have to reconsider this. Please file a minor bug report against 
> partman-crypto 
reportbug doesn't think that's a package.
> to suggest that and also mention that the installation guide 
> will need updating after that is changed.
I'm glad to hear it's not limited to physical volumes.  Coming up with a
concise way of saying "disks, partitions, or logical volumes"  may be
challenging!
> 
> One thing to keep in mind is that if you want to set up encrypted partitions 
> manually, it is assumed that you already know how encrypted partitions 
> work and know what the capabilities/limitations are. The installation 
> guide is _not_ intended to offer full documentation on encryption.
Knowing about how encryption works in general still leaves open the
question of what the capabilities of the Debian installer and partman
are.  So I think it would be helpful to be clear.

Secondly, the assumption limits the audience of the installation guide,
and thus of Debian.  Admittedly encryption and volume management are
fairly advanced features, but ideally someone who knows only that they
want encryption for security would be able to install and use it without
becoming an expert.  Pointers to information on dm_crypt would also be
useful.

As you can probably tell, I'm not familiar with all the details of how
encryption works, though I'm  pretty familiar with volume management.

> 
> > http://www.debian.org/releases/stable/debian-installer/index#errata says
> > the graphical installer (which is what I used) has limited support for
> > encrypted volumes.  The development installation manual only mentions a
> > problem generating random keys, and the development installer I ran did
> > offer them as an option.  Since random keys only make sense for swap,
> > and since they disable suspend to disk, I don't want to use them anyway.
> 
> Note that using unencrypted swap severely weakens the fact that you're using 
> encrypted volumes. It is not advised.
I was hoping to use encryption, just not the random keys.  My reading
was that this would work for a laptop.
> 
> > Of course, maybe the overhead of encrypting all the LVM volume is minor,
> > and I should just go ahead and do that.  I assume that if I encrypt
> > volumes separately I'll need to enter a password for each one each time
> > I start, which is a pain (but maybe it will try the first response on
> > later volumes?).
> 
> I cannot offer you any help with that decision.
It's so much simpler to encrypt everything (except /boot), I may just do
that.
> 
> Cheers,
> FJP
Thanks very much for the info.
-- 
Ross Boylan                                      wk:  (415) 514-8146
185 Berry St #5700                               ross@biostat.ucsf.edu
Dept of Epidemiology and Biostatistics           fax: (415) 514-8150
University of California, San Francisco
San Francisco, CA 94107-1739                     hm:  (415) 550-1062
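
The swap points raised in this message (unencrypted swap weakens encrypted volumes; random keys disable suspend to disk) can be checked on an installed system from `/etc/crypttab` and `/etc/fstab`. The following is an added example, not part of the original message or of the Debian installer; the sample file contents and volume names are constructed, and it assumes swap is referenced in fstab by its `/dev/mapper/<target>` path.

```python
# Constructed sample files, not taken from the thread.
SAMPLE_CRYPTTAB = """\
# <target>  <source device>       <key file>    <options>
home_crypt  /dev/mapper/vg0-home  none          luks
swap_crypt  /dev/mapper/vg0-swap  /dev/urandom  swap
"""
SAMPLE_FSTAB = """\
/dev/mapper/vg0-root    /      ext3  defaults  0 1
/dev/mapper/home_crypt  /home  ext3  defaults  0 2
/dev/mapper/swap_crypt  none   swap  sw        0 0
/dev/sda5               none   swap  sw        0 0
"""

RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}


def _fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()


def parse_crypttab(text):
    """Map each dm-crypt target name to its key file column (field 3)."""
    return {f[0]: (f[2] if len(f) > 2 else "none") for f in _fields(text)}


def audit_swap(crypttab_text, fstab_text):
    """Classify every swap entry in fstab as a (device, finding) pair."""
    targets = parse_crypttab(crypttab_text)
    prefix = "/dev/mapper/"
    findings = []
    for f in _fields(fstab_text):
        if len(f) < 3 or f[2] != "swap":
            continue
        device = f[0]
        name = device[len(prefix):] if device.startswith(prefix) else None
        if name not in targets:
            findings.append((device, "unencrypted"))      # plain partition or LV
        elif targets[name] in RANDOM_KEY_SOURCES:
            findings.append((device, "random-key"))       # new key each boot: no resume
        else:
            findings.append((device, "persistent-key"))   # passphrase or key file
    return findings


if __name__ == "__main__":
    for device, finding in audit_swap(SAMPLE_CRYPTTAB, SAMPLE_FSTAB):
        print(f"{device}: {finding}")
```
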


