You are not logged in.

Pages: 1

#1 2011-03-19 19:56:13

Shaika-Dzari
Member
From: Québec, Canada
Registered: 2006-04-14
Posts: 436
Website

Encryption on new install

Hello everyone,

I'm building a new PC.
This time, I want to fully encrypt my system.

I'm reading this tuto (https://wiki.archlinux.org/index.php/Sy … r_dm-crypt) and I have some questions.

1- Is LVM useful ?
I only have one disk (WD 640 go) and my plan is to make these partitions:

/dev/sda1    /boot        ext2     150m  unencrypted
/dev/sda2    /        ext4    12g   encrypted
/dev/sda3    swap        swap    512m  encrypted
/dev/sda5    /home        ext4    40g   encrypted
/dev/sda6    /mnt/data    ext4    ~575g encrypted

2- urandom or badblock ? Is badblock available on arch install CD ?

3- If I follow the tuto on arch wiki, I must create my partition, encrypt them and mount them using cryptsetup before enter /arch/setup ?
Is that right ?

Thanks for your help.

Shaika-Dzari
http://www.4nakama.net

Offline

#2 2011-03-20 10:00:12

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: Encryption on new install

Hello,

I think LVM is quite useful, but if  you don't need to dinamically change the size of your partitions or you want make full backups without shutting down your PC, for example, you don't need this. All my partitions are encrypted, so I just boot from sysrescd, mount the partitions and use rsync to copy everything that changed since last backup.

As I remember you can take all the necessary steps from the install CD. You should first prepare your harddrive, badblock is the quicker way smile then run arch setup. I think you can create the encrypted partitions during the process, but you also can prepare those partitions, just don't forget to mount them and choose the manually option when you  define the system's mounting points.

Offline

#3 2011-03-28 18:53:59

Buck
Member
Registered: 2011-03-15
Posts: 4

Re: Encryption on new install

In your case, I would think LVM would help greatly because you wouldn't have to enter a password for each partition you have encrypted (and I highly recommend encrypting all of your partitions, except boot).

The installer can do all of the work for you, except using 100 percent of the free volume space (see my post:  https://bbs.archlinux.org/viewtopic.php?id=115121 )
In your case, I would create a layout as follows (I'm doing this from memory, so forgive me if I screw up): 

/dev/sda1 - /boot
/dev/sda2 - dmcrypt
                     LVM Physical Volume
                            LVM Volume Group
                                 LVM Logical Volume - Swap
                                 LVM Logical Volume - /  (root)

You can also add /home and any other logical volumes you want under the volume group, but you can also put everything under /root.

The benefit of this arrangement is that when you boot, it will only ask you for the password once since you are decrypting the entire LVM physical volume. Another benefit is that everything (except boot) is encrypted, including swap.

Last edited by Buck (2011-03-28 18:54:53)

Offline

Pages: 1

Board footer

Powered by FluxBB