Old 01-08-2010, 09:41 AM
Sjors van der Pluijm
 
Default LVM+RAID+CRYPT

Hi all,

I have been using Debian for a few years now. For my new workstation I want to
try something new. What I want to do:
1. Make a RAID1 using two SATA discs
2. Create one partition on the RAID
3. Encrypt that partition
4. Use LVM on the partition

I can't find very much info on this setup and have some questions:
1. Is this a wise setup?
2. What's the difference between the two encryptions Lenny offers? Which one is
better?
3. Is it ok to have swap and /boot on an encrypted LVM?
4. Are there any alternatives I should consider? ZFS seems great, but is only
available in userspace AFAIK.

Thanks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-08-2010, 10:13 AM
Sjors van der Pluijm
 
Default LVM+RAID+CRYPT


PS: I resend this message because I think the first one didn't make it to the
list. Sorry if it did


 
Old 01-08-2010, 10:26 AM
Stan Hoeppner
 
Default LVM+RAID+CRYPT

Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:

> 3. Is it ok to have swap and /boot on an encrypted LVM?

Never run encryption on swap. Doing so merely burdens performance. I doubt
even NSA, CIA, MI6 encrypt swap partitions on workstations.

I've never tried to boot from an encrypted /boot, so I really can't say if it
would work or not. Why can't/won't you create 3 partitions?

[boot] 100MB mounted as /boot normal ext2
[swap] 1-8GB mounted as normal swap partition
[root] [remaining space] mounted as /root and encrypted however you like

--
Stan


 
Old 01-08-2010, 10:41 AM
Sjors van der Pluijm
 
Default LVM+RAID+CRYPT

On Friday 8 January 2010 12:26:37, Stan Hoeppner wrote:
> Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
> > 3. Is it ok to have swap and /boot on an encrypted LVM?
>
> Never run encryption on swap. Doing so merely burdens performance. I
> doubt even NSA, CIA, MI6 encrypt swap partitions on workstations.
Well, I might have read wrong, but I thought the Debian installer warned me
not to leave swap unencrypted while other partitions are encrypted. It makes
sense too: sensitive content could easily be written to swap.

> I've never tried to boot from an encrypted /boot, so I really can't say if
> it would work or not. Why can't/won't you create 3 partitions?
>
> [boot] 100MB mounted as /boot normal ext2
> [swap] 1-8GB mounted as normal swap partition
> [root] [remaining space] mounted as /root and encrypted however you like
Just found out that /boot should not be in LVM because bootloaders might not
understand it. /boot unencrypted does not seem to be the end of the world.
http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html

>
> --
> Stan
>


 
Old 01-08-2010, 10:53 AM
Mark Allums
 
Default LVM+RAID+CRYPT

On 1/8/2010 5:26 AM, Stan Hoeppner wrote:
> Sjors van der Pluijm put forth on 1/8/2010 5:13 AM:
>
> > 3. Is it ok to have swap and /boot on an encrypted LVM?
>
> Never run encryption on swap. Doing so merely burdens performance. I doubt
> even NSA, CIA, MI6 encrypt swap partitions on workstations.
>
> I've never tried to boot from an encrypted /boot, so I really can't say if it
> would work or not. Why can't/won't you create 3 partitions?

4:

[boot] 200MB mounted as /boot normal ext2
[swap] 1-8GB mounted as normal swap partition
[root] [1/3 remaining space] mounted as / [root] and encrypted however you like
[home] [2/3 remaining space] probably the most urgent for encryption


Mark Allums
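
A way to check on a running system which of the layouts discussed in this thread is actually in place, and whether swap sits behind the encryption layer. This is an added example, not code from any poster; the sample `lsblk` output and the device names (`md0`, `md0_crypt`, `vg0`) are constructed.

```python
import re

# Constructed, abridged `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` output (not from
# the thread): / and /home in LVM on dm-crypt on RAID1; /boot and swap plain.
SAMPLE = '''\
NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT="[SWAP]"
NAME="sda3" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="md0" TYPE="raid1" PKNAME="sda3" MOUNTPOINT=""
NAME="md0_crypt" TYPE="crypt" PKNAME="md0" MOUNTPOINT=""
NAME="vg0-root" TYPE="lvm" PKNAME="md0_crypt" MOUNTPOINT="/"
NAME="vg0-home" TYPE="lvm" PKNAME="md0_crypt" MOUNTPOINT="/home"
NAME="sdb" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sdb3" TYPE="part" PKNAME="sdb" MOUNTPOINT=""
NAME="md0" TYPE="raid1" PKNAME="sdb3" MOUNTPOINT=""
'''

def parse(text):
    """Build {name: {type, parents, mount}}; a RAID device has one row per member."""
    devs = {}
    for line in text.splitlines():
        f = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if "NAME" in f:
            d = devs.setdefault(f["NAME"], {"type": f.get("TYPE", ""),
                                            "parents": set(), "mount": ""})
            if f.get("PKNAME"):
                d["parents"].add(f["PKNAME"])
            d["mount"] = d["mount"] or f.get("MOUNTPOINT", "")
    return devs

def encrypted(devs, name):
    """True only if every path from `name` down to a disk crosses a dm-crypt layer."""
    d = devs[name]
    if d["type"] == "crypt":
        return True
    return bool(d["parents"]) and all(p in devs and encrypted(devs, p) for p in d["parents"])

def audit(text):
    """Return ({mountpoint: 'encrypted'|'plaintext'}, [findings])."""
    devs = parse(text)
    report = {d["mount"]: "encrypted" if encrypted(devs, n) else "plaintext"
              for n, d in devs.items() if d["mount"]}
    findings = []
    if report.get("[SWAP]") == "plaintext" and "encrypted" in report.values():
        findings.append("swap is plaintext but other volumes are encrypted")
    return report, findings

print(audit(SAMPLE))
```

On a live machine, feed `audit()` the real output of `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` instead of `SAMPLE`.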

