FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 02-12-2008, 06:48 AM
Alexander Todorov
 
Default Encrypted block devices and RAID

Hi folks,
browsing through the kickstart page on the wiki I found that both the
part and raid commands have the --encrypted options.
What will happen when mixing them as in the example below:

part raid.01 --size=60 --ondisk=sda
part raid.02 --size=60 --ondisk=sdb --encrypted
part raid.03 --size=60 --ondisk=sdc

part raid.11 --size=1 --grow --ondisk=sda
part raid.12 --size=1 --grow --ondisk=sdb --encrypted
part raid.13 --size=1 --grow --ondisk=sdc

raid / --level=1 --device=md0 raid.01 raid.02 raid.03 --encrypted
raid /usr --level=5 --device=md1 raid.11 raid.12 raid.13

Possible answers:
1) Error: RAID array(md0 / md1) containing encrypted and non-encrypted
partitions

2) Only raid.12 (say /dev/sdb2) will be encrypted but the RAID array
will be not. This meaning that "raw" data on other disks is not encrypted.

3) / will be encrypted because its underlying RAID device(md0) will be
encrypted. The encryption for raid.02 (say /dev/sdb1) will be ignored.
Raw data on disks is encrypted with a single pass phrase.

4) / will be encrypted (see #3). Additionally raid.02 is also encrypted
with another pass phrase. This is RAID 1 (mirroring) and raw data on
discs will be different because it's encrypted with 2 passwords.

Which ones of the above are true?

Thanks,
Alexander.


_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 02-12-2008, 11:53 AM
Bruno Wolff III
 
Default Encrypted block devices and RAID

On Tue, Feb 12, 2008 at 08:48:01 +0100,
Alexander Todorov <atodorov@redhat.com> wrote:
> Hi folks,
> browsing through the kickstart page on the wiki I found that both the
> part and raid commands have the --encrypted options.
> What will happen when mixing them as in the example below:
>
> Which ones of the above are true?

Encryption is stackable, so you should be able to mix and match it anywhere
in the stack of block devices.

That said, for raid it probably makes more sense to encrypt on top of raid
rather than below it so as to save some work. Your raid layout usually
isn't secret and leaving it visible shouldn't be a problem. This allows
you to encrypt each block of data once rather than once per raid array
element.

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 02-12-2008, 12:10 PM
Alexander Todorov
 
Default Encrypted block devices and RAID

Bruno Wolff III wrote:

On Tue, Feb 12, 2008 at 08:48:01 +0100,
Alexander Todorov <atodorov@redhat.com> wrote:

Hi folks,
browsing through the kickstart page on the wiki I found that both the
part and raid commands have the --encrypted options.
What will happen when mixing them as in the example below:

Which ones of the above are true?


Encryption is stackable, so you should be able to mix and match it anywhere
in the stack of block devices.


That's a nice thing to hear.


That said, for raid it probably makes more sense to encrypt on top of raid
rather than below it so as to save some work. Your raid layout usually
isn't secret and leaving it visible shouldn't be a problem. This allows
you to encrypt each block of data once rather than once per raid array
element.


I totally agree. Just wanted to know what will happen in a weird set-up.

Thanks,
Alexander.

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 

Thread Tools




All times are GMT. The time now is 03:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org