On Fri, 2007-04-20 at 10:37 -0500, Default User wrote: > Hi! > > After installing fresh Etch with encrypted lvm (all except /boot), per > non-expert install, I am reconsidering whether lvm is a good idea. It > works fine - now - but what if it stops working? It depends on what you call "stop working". Most recent LiveCDs can start and use LVM Volume Groups and activate Logical Volumes and therefore mount them. Also, most LiveCDs have most of the same tools you used to encrypt the data. If you keep you key properly and have it available $MEDIA_OF_CHOICE (usb key or CD or something) you should be able to access your data, providing you haven't done something un-smart. > The only partition that seems to be accessible from a sarge system on > the same machine is the /boot partition. If Etch decides to misbehave, > how would I be able to access my data? Or is this a case of "you do > back up your data every day, don't you?" Yes, but then your backups should be encrypted as well... but that is another discussion left for another time. > I really do like the ability to resize my partitions as needed (the > layout that seemed fine upon install can really look stupid 6 months > later). But not at the price of my data. If you don't do anything stupid, like physically removing a drive from a volume group with without doing the migrate, reduce and removal first, you should be able to keep your data. > And does encryption of lvm partitions unnecessarily complicate matters, > especially recovery? Yes, but then you should question your motives for doing the encryption. You see encryption of you disk, is to make it HARD to recover any data without your key and passphrase (passphrase should be phrase and not a word). So I don't get your question, much less your consideration of encryption of your data. I do not believe you have completely thought out your reasoning for "encrypting" you data. > Would just an encrypted swap partition only be better? Why would you do that if you are not going to encrypt your data? makes no sense. I believe you need to evaluate what "encrypting your data" really means, first and foremost, also the *WHY* you would do it. Doing encrypted stuff is all well and good, but it you are doing it for the "latest trendy schtick", avoid it. LVM is a trivial concern if you are encrypting your data for the right reasons. -- greg, greg@gregfolkert.net Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup
Attachment:
signature.asc
Description: This is a digitally signed message part