[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Full Disk Encryption

On Nov 28, 2011, at 8:48 AM, J. Bakshi wrote:

On Mon, 28 Nov 2011 13:15:59 +0000 (UTC)
Virgo Pärna <virgo.parna@mail.ee> wrote:

On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas <rbthomas@pobox.com> wrote:

Unless you are concerned about growing swap at some later date, you
should leave swap out of the LVM and encrypt it separately -- with a
*random* key.

I think, that this would not work, if one wants to use hibernation. And
that could be case on laptop.

Good point.... I am already using both suspend and hibernation and expect the
same after disk FDE. Thanks for pointing ....

Yes... That's something I hadn't thought about. I've only used it for an "always-on" server.

Another point about using a separate swap vs including swap on the encrypted LVM: On a server, the LVM will almost certainly be on a RAID. There's no point in putting swap on RAID.


Reply to: