You are not logged in.
Hello,
I was reading up about lvm and luks and decided I want to encrypt my system. Until now I have been using truecrypt to encrypt a data partition which get mounted during boot. I recently bought myself a netbook and since then I've been pondering how to make the most use of HD space and keeping it secure should it get stolen.
I have 3 Harddrives in my tower. One of the HDs is my backup drive. The other two are for OSs. What I would like to do is
1) Create an encrypted volume group on HD 1 (has about 650 Gb).
2) Create 2 LVs for /root /home on HD1
3) Rsync /root and /home to the LVs HD2 -> HD1
4) HD2 secure erase
5) create VG on HD2 and add it to VG on HD1
*** My Question ***
While reading up on lvm and luks I came upon this article and I'm not quite sure which one is better suited for my situation. I don't know how easy it is to grow/add to an encrypted vg or lg.
There are two ways of setting up an encrypted disk using LVM:
1. Create the LVM and encrypt every volume separately
2. Set up LVM on top of an encrypted partition
source :: http://www.pindarsign.de/webblog/?p=767
Update : Using badblocks on /dev/sda4 didn't work as intended. It completely wiped /dev/sda. One way of going Windows free.
Luckily enough windows 7 was still able to boot without a partition table (scratches head), so I was able to copy some saved games and the downloads folder.
Last edited by whitethorn (2011-09-19 15:12:12)
Offline
i went with an lvm on a encrypted partition with my netbook (thinpad S10) and am happy with it plus i think it is much more conveniant to just type in one key on booting and i have an encrypted swap that way.
Don't forget that you need an extra /boot partition the rest can be done by the installer of the new release
Offline
i went with an lvm on a encrypted partition with my netbook (thinpad S10) and am happy with it plus i think it is much more conveniant to just type in one key on booting and i have an encrypted swap that way.
Don't forget that you need an extra /boot partition the rest can be done by the installer of the new release
Would this work with a multiple Disk system? I guess I'll just give it a try and see what happens, if it doesn't work I can always go the distance and follow the luks howto .
Offline
AFAIK you cannot resize luks/dm_crypt devices, so you lose a lot of the flexibility if you put luks on top. of lvm.
personally i do full disk encryption with luks/dm_crypt, then lvm on top of that.
btw the arch installer supports both scenarios out of the box.
Last edited by Dieter@be (2011-09-20 10:08:57)
< Daenyth> and he works prolifically
4 8 15 16 23 42
Offline
AFAIK you cannot resize luks/dm_crypt devices, so you lose a lot of the flexibility if you put luks on top. of lvm.
personally i do full disk encryption with luks/dm_crypt, then lvm on top of that.btw the arch installer supports both scenarios out of the box.
Sounds like what I'm doing right now. I encrypted my first HD then added lvm on top of that. It took a little while to get a seperate boot working and chroot to get all the files setup how I want. At the moment I'm randomizing a 2 Tb harddrive 10 hours 85%. Once it finishes encrypt the drive and add lvm on top. I'm not quite sure if I can grow my /home with the space from the 2nd drive and how to decrypt it during boot
Offline