You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2011-10-27 14:58:38
- venehan_snakes
- Member
- Registered: 2011-08-30
- Posts: 16
Encryption on top of LVM or vice versa?
In the wiki-article it is said that LVM on top of an encrypted drive is to be preferred over encrypted partitions on top of LVM. Though it is not explained why and I'm curious about this since encrypting the LVs seems like a much easier approach in my situation than the other way around.
Does it affect performance? Or is it just because you could see the LVM partitions before decrypting anything? And if so, of what use would that be to an attacker?
Offline
#2 2011-10-27 19:10:42
- /dev/zero
- Member
- From: Melbourne, Australia
- Registered: 2011-10-20
- Posts: 1,247
Re: Encryption on top of LVM or vice versa?
If I was really curious, I would try doing it both ways in a VM and collect some stats from it.
In my experience, using LVM on top of LUKS did not work.
My current setup is apparently a bit weird, but it makes sense to me. I have LVM on top of LUKS on top of another LVM. See here.
Offline
#3 2011-10-27 21:36:14
- venehan_snakes
- Member
- Registered: 2011-08-30
- Posts: 16
Re: Encryption on top of LVM or vice versa?
Okay, so I now have the LVM on the first HDD, the logical volumes are all encrypted with LUKS and I am about to begin the installation.
One critical point is not yet clear to me: Is it possible to extend a logical volume with and encrypted partition on it?
How would I proceed?
1) I extend the lv to a second drive, no problems here
2) I need to resize the filesystem, but how would that work with an encrypted filesystem on top of which is a ext4 filesystem?
Offline
#4 2011-10-27 21:48:35
- /dev/zero
- Member
- From: Melbourne, Australia
- Registered: 2011-10-20
- Posts: 1,247
Re: Encryption on top of LVM or vice versa?
I don't know off the top of my head. If it were a fresh-install, I would invest a little time in just experimenting a bit, then sftw if I run into problems, then come to the forums if I couldn't figure it out by myself after a few days or weeks :-)
Offline
#5 2011-10-27 22:20:29
- venehan_snakes
- Member
- Registered: 2011-08-30
- Posts: 16
Re: Encryption on top of LVM or vice versa?
Since you have LUKS partitions on top of LVM as well, could you help me out with the crypttab?
Not sure if it should be
1) home /dev/vgroup/home "passphrase"
or
2) home /dev/mapper/home "passphrase"
Offline
#6 2011-10-27 22:27:19
- /dev/zero
- Member
- From: Melbourne, Australia
- Registered: 2011-10-20
- Posts: 1,247
Re: Encryption on top of LVM or vice versa?
My setup doesn't use a crypt tab. It wouldn't make sense, because the crypttab would be on the encrypted partition, making it useless during boot.
I have:
/dev/sda1: a grub-bios partition
/dev/sda2: /boot
/dev/sda3: lvm encrypted from top to bottom; decrypting opens up another lvm containing logical volumes for /root, /home and /swap.
If you want to do it exactly the same way I did it, just follow the steps in my first post in that thread, except be careful of the two things falconindy kindly pointed out to me. In particular, note that I used the how-to from Aptosid, which doesn't use a crypttab.
Offline
Pages: 1