
Re: Whole System Encryption, LVM & Extended Partition



On Sat, 29 Mar 2014, Brad Alexander wrote:

> On Sat, Mar 29, 2014 at 7:49 PM, Patrick Bartek <bartek047@yahoo.com>
> wrote:
> 
> >
> > Did a couple of trial installs of Wheezy in VirtualBox in
> > anticipation of the real thing on an as yet to be purchased
> > notebook, and noticed something puzzling with the
> > Guided-Encrypted-LVM partitioning option. (I've never done
> > encryption on my systems before.)  The installer used a "classic"
> > Extended partition, i.e. sda5, instead of a Primary one on which to
> > place the LVMs: /, swap, /home.  /boot was a Primary, as expected.
> > Seems like an unneeded use of a logical partition layer on which to
> > place another layer of logical partitions.
> >
> > Any valid reason for doing this?
> >
> 
> Not that I have found. What you propose is exactly how I do mine. I
> have a roughly 512MB /boot on sda1 and the rest of the drive on sda2,
> which contains my encrypted partition, within which I put my LVM.
> 
> 
> >
> > I'd prefer just two Primary partitions: /boot, and the balance of
> > the drive for the encrypted LVM partitions. Any reasons for not
> > doing it that way?
> >
> 
> It has worked great for many years for me. I've been running this
> config or one similar to it (I used to put a separate swap partition,
> but the last nuke and pave, I figured putting the swap partition
> within the LVM works better and you only have to encrypt one
> filesystem). I've been running luks-encrypted partitions since, oh,
> 2005 or 2006, I think. It's been a while.
> 
> I don't know about your use cases, but here is something that you
> might be interested in:
> 
> http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/
> 
> This can be fairly easily set up, but protect the script (encrypted
> thumb drive works), as your encryption passphrase is contained within
> the script, but if you are dealing with a remote server, you may wish
> to consider it.

My intent is for securing a personal notebook to protect personal &
business info in case it gets stolen or hacked.  Nothing server related.

Anyway, thanks for the link.  Even though it doesn't really apply to my
situation, I'll still read it.  Never know when it might come in handy.

Thanks.


B

