From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] help mounting partitions in an encrypted disk after first reboot
Date: Sun, 18 Jun 2017 17:51:32 +0200 [thread overview]
Message-ID: <20170618155131.GA10207@tansi.org> (raw)
In-Reply-To: <30e43ff9-211d-d486-bf98-8faf91dfdb69@gmx.net>
On Sun, Jun 18, 2017 at 17:25:41 CEST, Carl-Daniel Hailfinger wrote:
> On 18.06.2017 09:25, Michael Kjörling wrote:
[...]
> That (LVM inside a LUKS container) is the standard scheme proposed by
> Ubuntu for an encrypted installation. It works out of the box (needs
> just a single click in the Ubuntu installer), is well-tested and
> supports resizing the encrypted logical volumes at a later date.
But keep in mind that it makes things a lot more complicated,
hence violating KISS. It is easier for doing fully automated
stuff, like a distro-installer would do, but as soon as you
do things manually, LVM is more of a problem than a solution.
We have had many people here on the list that killed their
LUKS containers by overwriting the headers with LVM or
as a result of LVM misconfiguration and we had others that
managed to change the LVM setup and then were unable to
find their LUKS containers afterwards.
My advice would be to stay away from LVM. In this scenario
it does not do more than a "partprobe" would do and it has
no advantages. It is a case of something that looks simple,
but is not, and that is the worst kind. If the ritual fails
(and complex things that look simple are usually done by
ritual, not by understanding), you are screwed.
Of course, in the Windows-world, that approach is standard
and it has been creeping into Linux for a while now (see,
e.g. systemd, LVM, udev, etc.). This is probably due to people
comming into the Linux community that never understood what
the problem with the Windows-approach is.
Sorry for the rant, I just ran into a problem with udev
(again) an hour ago that makes me want to rip this whole
crappy "automess" stuff out.
Regards,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2017-06-18 15:51 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-18 6:49 [dm-crypt] help mounting partitions in an encrypted disk after first reboot Julio Gago
2017-06-18 7:25 ` Michael Kjörling
2017-06-18 8:30 ` Julio Gago
2017-06-18 15:25 ` Carl-Daniel Hailfinger
2017-06-18 15:51 ` Arno Wagner [this message]
2017-06-18 22:26 ` Carl-Daniel Hailfinger
2017-06-18 23:01 ` Arno Wagner
2017-06-19 19:02 ` Carl-Daniel Hailfinger
2017-06-19 21:34 ` Arno Wagner
2017-06-18 15:40 ` Arno Wagner
2017-06-18 17:21 ` Julio Gago
2017-06-18 18:03 ` Arno Wagner
2017-06-18 19:13 ` Julio Gago
2017-06-18 20:07 ` Arno Wagner
2017-06-18 18:45 ` Michael Kjörling
2017-06-18 19:03 ` Arno Wagner
2017-06-19 22:04 ` Sven Eschenberg
2017-06-19 22:48 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170618155131.GA10207@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.