Hi, I'd like to install Arch on my new machine, which has an SSD as well as an HDD.
Now, I've been thinking that it'd be neat to have the /boot/efi, root, SWAP and /home on the SSD for performance reasons, while storing all my files like movies and music on the HDD, which is simple enough when just using physical partitions. But I'd really like to encrypt the whole system and decrypt it with a single pass phrase, which I understand is best done using LVM and LUKS. Now, how would I set up LVM to have all these logical partitions assigned to their proper physical drives while still being able to encrypt the whole bunch as a single device using LUKS? Can it be done at all?
I tried reading the articles in the wiki, but didn't really understand the lingo in the LVM article.
Any help and explanations are appreciated.
Here's my suggestion:
Use LVM and LUKS for everything on the SSD and then something like EncFS/ecryptfs for the respective partitions on the HDD. Would that be workable?
Let me think about the situation you're thinking of (someone else with experience with multi-disk LVM can probably answer this).
You can choose between making each PV a LUKS container (so you'd have one for each disk), or each LV (one for each filesystem).
I'd create an encrypted VG for the SSD; and another for the HDD.
That way, when booting, you have a single encrypted disk (the SSD), which is a standard situation and should be well covered by the standard initramfs.
The HDD can then be decrypted by the installed system, using a keyfile on the encrypted / through the crypttab.
There are some multiple disk suggestions in the wiki but I don't think you actually need them https://wiki.archlinux.org/index.php/Dm … iple_disks
Personally I used a different approach with encrypted keyfiles inside the initramfs (but it's Gentoo) https://wiki.gentoo.org/wiki/Custom_Ini … ed_Keyfile https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples
With encrypted keyfiles, an attacker needs both the passphrase and a copy of the keyfile container...
Last edited by frostschutz (2014-11-04 19:54:05)
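The layout frostschutz describes above (one LUKS container per disk, one volume group per container, the HDD unlocked after boot via crypttab with a keyfile kept on the encrypted root), written out as an added example. This is not code from the thread or from the Arch wiki; the partition names, VG/LV names, sizes and the UUIDs in the dry-run output are assumptions for illustration. By default it only prints the commands; with DRY_RUN=0 it runs them as root and formats the named partitions.

```shell
#!/bin/sh
# Added example: two LUKS containers, one per disk, each backing its own LVM
# volume group. The SSD container is opened by the initramfs with a passphrase;
# the HDD container is opened by the booted system through /etc/crypttab using
# a keyfile that lives on the (already unlocked) encrypted root.
#
# Assumed names: /dev/sda2 (SSD, after the ESP), /dev/sdb1 (HDD), vg_ssd, vg_hdd.
# DRY_RUN=1 (default) prints the commands. DRY_RUN=0 executes them and is
# destructive. TARGET is the mounted install root (e.g. /mnt) while installing.

DRY_RUN=${DRY_RUN:-1}
TARGET=${TARGET:-}
SSD_PART=${SSD_PART:-/dev/sda2}
HDD_PART=${HDD_PART:-/dev/sdb1}
KEYFILE=/etc/cryptsetup-keys.d/crypthdd.key   # path as seen from the booted system

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# SSD: passphrase-protected container -> PV -> vg_ssd holding swap and root.
setup_ssd() {
    run cryptsetup luksFormat "$SSD_PART"        # prompts for the passphrase
    run cryptsetup open "$SSD_PART" cryptssd
    run pvcreate /dev/mapper/cryptssd
    run vgcreate vg_ssd /dev/mapper/cryptssd
    run lvcreate -L 8G -n swap vg_ssd
    run lvcreate -l 100%FREE -n root vg_ssd
    run mkfs.ext4 /dev/vg_ssd/root
    run mkswap /dev/vg_ssd/swap
}

# HDD: a second container with its own PV and VG, so no LV can ever span disks.
setup_hdd() {
    run cryptsetup luksFormat "$HDD_PART"        # slot 0: passphrase, kept as a fallback
    run cryptsetup open "$HDD_PART" crypthdd
    run pvcreate /dev/mapper/crypthdd
    run vgcreate vg_hdd /dev/mapper/crypthdd
    run lvcreate -l 100%FREE -n data vg_hdd
    run mkfs.ext4 /dev/vg_hdd/data
}

# Keyfile on the encrypted root: readable only after the SSD is unlocked, and
# only by root. Added as a second LUKS key slot on the HDD container.
make_hdd_keyfile() {
    run mkdir -p "$TARGET$(dirname "$KEYFILE")"
    run dd bs=512 count=4 if=/dev/urandom of="$TARGET$KEYFILE" iflag=fullblock
    run chmod 0400 "$TARGET$KEYFILE"
    run cryptsetup luksAddKey "$HDD_PART" "$TARGET$KEYFILE"
}

# /etc/crypttab line: the systemd cryptsetup generator opens crypthdd with the
# keyfile once root is mounted, so the passphrase is typed only once at boot.
crypttab_entry() {
    # $1 = mapper name, $2 = UUID of the LUKS partition, $3 = keyfile path
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# /etc/fstab line for an LV (ext4 assumed).
fstab_entry() {
    # $1 = LV device, $2 = mount point
    printf '%s %s ext4 defaults,noatime 0 2\n' "$1" "$2"
}

# Kernel parameters for the mkinitcpio "encrypt" + "lvm2" hooks, which must be
# listed in HOOKS before "filesystems". Only the SSD container is named here.
kernel_cmdline() {
    # $1 = UUID of the SSD LUKS partition
    printf 'cryptdevice=UUID=%s:cryptssd root=/dev/vg_ssd/root rw\n' "$1"
}

main() {
    setup_ssd
    setup_hdd
    make_hdd_keyfile
    # Constructed placeholder UUIDs; on a real system read them with
    # blkid -s UUID -o value "$HDD_PART" (and likewise for "$SSD_PART").
    hdd_uuid=${HDD_UUID:-0f3e2b7c-aaaa-4bbb-8ccc-123456789abc}
    ssd_uuid=${SSD_UUID:-9a1d5e10-bbbb-4ccc-8ddd-abcdef012345}
    crypttab_entry crypthdd "$hdd_uuid" "$KEYFILE"   # append to $TARGET/etc/crypttab
    fstab_entry /dev/vg_hdd/data /data               # append to $TARGET/etc/fstab
    kernel_cmdline "$ssd_uuid"                       # for the boot loader entry
}

main "$@"
```

Two things worth checking after running it for real: `cryptsetup luksDump "$HDD_PART"` should show two active key slots (passphrase and keyfile), so the HDD stays recoverable if the SSD dies; and the keyfile must stay mode 0400 root-owned, since anyone who can read the root filesystem while it is unlocked can read the HDD key as well. Putting the keyfile on the encrypted root means its protection is exactly the SSD passphrase, which is the single-passphrase behaviour the original poster asked for.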
I'm attempting to do something similar here. I had started by creating two LUKS containers, one for each drive, as I was planning on having / on the SSD and /var, /home and swap on the HDD. However, I'm confused about how to properly use pvcreate and vgcreate in order to ensure the separation between drives.
For the keyfiles, I was thinking that I could have the root keyfile on USB, which I have done before on other systems, and then have a keyfile for the other LVM in the root filesystem, but I'm not sure if this is the best way to approach this.
You could put var on the SSD; it never gets that big. I have a 10 GiB var and it's overkill, but I like having wiggle room without any chance of it having issues affecting other bits of the system. For swap you could create a swap file. For your home you could have it mount when you log in with the user, or mount it manually. Both drives would be encrypted, just auto-mounted at different times. You could still use a machine keyfile for root, of course, with this.
Personally I just encrypt home in case my laptop is stolen.
Last edited by bleach (2014-12-27 20:01:43)
Thanks bleach. I have the base system up and running now. I found this guide helpful for getting the LVMs and gummiboot set up and configured. Off to play now.
As for UEFI booting, the ESP cannot be encrypted.
So, your boot loader will be able to pick up the necessary tools to decrypt your volumes.
I'd say that's not advisable for a beginner. Following our wiki step by step, you will get it done.
Whenever you use GRUB, see chapter 5.
Last edited by TheSaint (2014-12-28 00:48:53)