
Re: LVM+RAID+CRYPT



On Friday 8 January 2010 12:26:37, Stan Hoeppner wrote:
> Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
> > 3. Is it ok to have swap and /boot on an encrypted LVM?
> 
> Never run encryption on swap.  Doing so merely burdens performance.  I
>  doubt even NSA, CIA, MI6 encrypt swap partitions on workstations.
Well, I might have read wrong, but I thought the Debian installer warned me 
not to leave swap unencrypted while other partitions are encrypted. It makes 
sense too: sensitive content could easily be written to swap.

> I've never tried to boot from an encrypted /boot, so I really can't say if
>  it would work or not.  Why can't/won't you create 3 partitions?
> 
> [boot] 100MB mounted as /boot normal ext2
> [swap] 1-8GB mounted as normal swap partition
> [root] [remaining space] mounted as /root and encrypted however you like
Just found out that /boot should not be in LVM because bootloaders might not 
understand it. /boot unencrypted does not seem to be the end of the world.
http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html

> 
> --
> Stan
> 

