You are not logged in.

#1 2022-10-03 13:42:47

Andy3153
Member
Registered: 2018-12-24
Posts: 89

Seeking some advice for making a fully encrypted install

So, I've made encrypted installs before, through LVM on LUKS, and I quite like that method, firstly because it doesn't show much at all about the LV layout at all, but secondly because it feels more straightforward. But, I wish to extend the installation in the future, maybe add another drive to the computer. And I was thinking, how could I do that without resorting to LUKS on LVM? Can a LUKS volume be extended across multiple devices? Or, is it good to have LVM, then LUKS on a LV, then, inside that LUKS LV, LVM again? It just sounds very complicated, and it might add some overhead, maybe?

Offline

#2 2022-10-03 15:30:44

frostschutz
Member
Registered: 2013-11-15
Posts: 1,647

Re: Seeking some advice for making a fully encrypted install

It's possible but I'd rather not span a single LUKS container across multiple drives, or LVM on LVM...

I use regular LVM on LUKS. In case of multiple drives / partitions, that means multiple LUKS containers, each providing one encrypted PV for the LVM.

The only complication with that is the regular mkinitcpio encyrpt hook only handles a single device. You have to use systemd/sd-encrypt or a custom hook to handle multiple ones.

Offline

#3 2022-10-03 16:02:04

Andy3153
Member
Registered: 2018-12-24
Posts: 89

Re: Seeking some advice for making a fully encrypted install

frostschutz wrote:

It's possible but I'd rather not span a single LUKS container across multiple drives

Well, what's your concerns?


frostschutz wrote:

I use regular LVM on LUKS. In case of multiple drives / partitions, that means multiple LUKS containers, each providing one encrypted PV for the LVM.

Wow.. I didn't really think of that

frostschutz wrote:

The only complication with that is the regular mkinitcpio encyrpt hook only handles a single device. You have to use systemd/sd-encrypt or a custom hook to handle multiple ones.

What would be needed to get done? I already wanna use the systemd hooks because I want to use Plymouth for a graphical password prompt

Offline

Board footer

Powered by FluxBB