Re: LVM+RAID+CRYPT
Op vrijdag 8 januari 2010 13:40:00 schreef Γιώργος Πάλλας:
> Stan Hoeppner wrote:
> > Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
> >> 3. Is it ok to have swap and /boot on an encrypted LVM?
> >
> > Never run encryption on swap. Doing so merely burdens performance. I
> > doubt even NSA, CIA, MI6 encrypt swap partitions on workstations.
> >
> > I've never tried to boot from an encrypted /boot, so I really can't say
> > if it would work or not. Why can't/won't you create 3 partitions?
> >
> > [boot] 100MB mounted as /boot normal ext2
> > [swap] 1-8GB mounted as normal swap partition
> > [root] [remaining space] mounted as /root and encrypted however you like
>
> I run a couple of identical machines, some with full disk encryption
> (i.e. everything including swap except /boot which you cannot encrypt)
> and some where only home is encrypted with LUKS. Never noticed any
> performance impact. I think that swap encryption is *mandatory* for the
> reason of there being written many things that shouldn't in case they
> are sensitive. And I guess this why the approach of the debian installer
> should you choose to encrypt includes swap encryption.
>
> G.
>
Ok, getting a clear picture here.
I will have /boot en / on a seperate partition. The remainer will be encrypted
and configured using LVM (/home, /tmp, /var and swap)
Thanks!
Reply to: