Stan Hoeppner wrote:
Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:3. Is it ok to have swap and /boot on an encrypted LVM?Never run encryption on swap. Doing so merely burdens performance. I doubt even NSA, CIA, MI6 encrypt swap partitions on workstations. I've never tried to boot from an encrypted /boot, so I really can't say if it would work or not. Why can't/won't you create 3 partitions? [boot] 100MB mounted as /boot normal ext2 [swap] 1-8GB mounted as normal swap partition [root] [remaining space] mounted as /root and encrypted however you like
I run a couple of identical machines, some with full disk encryption (i.e. everything including swap except /boot which you cannot encrypt) and some where only home is encrypted with LUKS. Never noticed any performance impact. I think that swap encryption is *mandatory* for the reason of there being written many things that shouldn't in case they are sensitive. And I guess this why the approach of the debian installer should you choose to encrypt includes swap encryption.
G.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature