Re: Full Disk Encryption

[Rick Thomas <rbthomas@pobox.com>]

On Nov 28, 2011, at 8:48 AM, J. Bakshi wrote:

> On Mon, 28 Nov 2011 13:15:59 +0000 (UTC)
> Virgo Pärna <virgo.parna@mail.ee> wrote:
>
> > On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas  
> > <rbthomas@pobox.com> wrote:
> > > Unless you are concerned about growing swap at some later date, you
> > > should leave swap out of the LVM and encrypt it separately -- with a
> > > *random* key.
> >
> >    I think, that this would not work, if one wants to use  
> > hibernation. And
> > that could be case on laptop.
>
> Good point.... I am already using both suspend and hibernation and  
> expect the
> same after disk FDE. Thanks for pointing ....

Yes... That's something I hadn't thought about.  I've only used it for  
an "always-on" server.

Another point about using a separate swap vs including swap on the  
encrypted LVM:  On a server,  the LVM will almost certainly be on a  
RAID.  There's no point in putting swap on RAID.

Rick