
Re: debian with raid1+cryptsetup+lvm on notebook?



On Tue, Apr 21, 2009 at 12:39:38PM +0200, Peter Jordan wrote:
> Hello,
> 
> since my ThinkPad T400 has two 250GB HD, I considered installing Debian 
> testing with raid1+cryptsetup+lvm on it.
> 
> Has anyone experience with that kind of setup?
> 
> Any significant reasons against my plan?

Sounds like a good idea.  I think that the installer has that
out-of-the-box as one of the guided-partitioning options.  If not, you
can certainly do it manually.

This came up not that long ago.  It was suggested that having /
encrypted can prevent someone trojaning executables on / (e.g. /bin/ls).
However, since you need an unencrypted /boot, then someone could trojan
the kernel or the initrd itself (perhaps to email the attacker the
password you enter to decrypt the filesystem), who knows?

I suppose that you could have /boot on a USB stick so that without the
stick, the laptop won't boot and there won't be any unencrypted data on
the laptop.  There's good LUKS documentation: read it.

I'm sure that this has been (and is being) looked at by people with a
particular interest in laptop security.  Just don't assume that
raid1+cryptsetup+lvm will make your laptop absolutely secure.

Doug.
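
One way to notice the /boot tampering discussed in the message above, as an added example that is not part of the original post: record SHA-256 hashes of every file under /boot and compare them against that record later. The function names and keeping the baseline on the encrypted root filesystem are assumptions; a check run from an already-modified kernel can be subverted, so running it from trusted media is stronger.

```shell
#!/bin/sh
# Added example: detect changes to the unencrypted /boot between boots.
# Assumption: the baseline manifest is stored on the encrypted root filesystem.
# Usage: boot_manifest /boot > /root/boot.sha256   (once, from a known-good state)
#        boot_verify /boot /root/boot.sha256       (later, e.g. after each boot)

# Print "hash  ./relative/path" for every regular file under $1, sorted by path.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare directory $1 against baseline manifest $2.
# Prints one line per added, changed or removed file; returns 1 on any difference.
boot_verify() {
    current=$(mktemp) || return 2
    boot_manifest "$1" > "$current"
    report=$(awk '
        # sha256sum lines are 64 hex digits, two spaces, then the path.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base)) print "ADDED   " path
          else if (base[path] != hash) print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```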

