Re: Full Disk Encryption
J. Bakshi wrote:
> Agreed, I also maintain some servers and the swap is on raid.
> I have faced disk failure on some servers and due to raid, I could
> successfully run the server with the single disk and change the
> bad disk with a 30 min. down time.
I am using RAID for more then 7 years now in past 4 years I've upgraded the
server to a new one with faster CPU and setup the on top of the RAID
crypted (luks) with LVMs on it. I also use NFS to mount those partitions on
other linux hosts and I already had to exchange one disk because of
failure. There is no performance impact worth to mention and in general no
issues with this. On my notebook I can't do raid, but crypted+LVM is fine.
On the server I encrypt everything except boot+root, as on power failure it
will reboot and I don't need to give a password to get ssh running. After I
get the system up and running again I login and run a script to decrypt,
mount and run the rest. I was planning to put ssh into the initram, so that
I can encrypt also the root system, but it was too much work for my current
I hope this helps