You are not logged in.

#1 2022-10-09 12:55:30

kelloco2
Member
Registered: 2012-02-13
Posts: 124

Luks on lvm and snapshots

Hi,
With lvm on luks logical volume changes are simple and I am able to imagine that lvm snapshots works easy too (lvm snapshot probably don't care or even don't know that is inside luks because after unlock i think it is transparent). But I have luks on lvm. Is it possible and working -snapshots if I have luks on lvm? Can lvm detect that specify file changed instead of encrypted luks content like "_@_*-#(&)#)" changed?

Do You use luks on lvm with snapshots? Is it necessary to create logical volume for snapshot? If I create it just by lvm will snapshot be encrypted? Or should I create logical volume for snapshot first and then luks on it?

I use luks on lvm on my personal computer and I partitioned it years ago, because of feature that physical volume can consist of multiple disks. But now I am doing reorganisation my computer and want to add support for encrypted swap and snapshots. I don't know what is better lvm on luks or luks on lvm.
Does luks on lvm supports encrypted swap partition? I want to unlock resume from hibernation from swap by the same password like for /root.

Regards


sorry for my english. {Arch Linux, Debian} User

Offline

#2 2022-10-09 13:47:30

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: Luks on lvm and snapshots

LVM doesn't really care about filesystem or whatever. It operates on the block layer. If you snapshot a Logical Volume with LUKS on it, and then you change the passphrase... the snapshot still has the old passphrase. Because the LUKS header itself is also part of the snapshot then.

So LVM on LUKS, or LUKS on LVM, either can be used. With LUKS on LVM, the LVM metadata will be unencrypted so everyone can see the name of LV and creation dates and sizes and such. And you'll have to encrypt each LV individually.

With LVM on LUKS, the LVM metadata is encrypted also. And creating new LVs they are automatically encrypted provided the Physical Volumes are all encrypted.

Depends on personal preference and requirements.

Last edited by frostschutz (2022-10-09 13:47:51)

Offline

Board footer

Powered by FluxBB