From: Scott Castaline <skotchman@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] Need some suggestions on large drives
Date: Sat, 06 Mar 2010 12:45:48 -0500 [thread overview]
Message-ID: <4B9294CC.10501@gmail.com> (raw)
First, does anyone know how Fedora 12's installer installs LUKS with
LVM2? Do they do LUKS over LVM2 or LVM2 over LUKS?
Second, I have my boot disk (WD 500GB) setup with 2 partitions, the 1st
is non LVM or LUKS as ext4 300MB and used as the /boot. The rest of the
drive or 2nd partition is my 1st VG which is all encrypted and is
divided up with 7 LVs (/, /home, /dnlds, /docs, /graphics, /tmp, /var,
swap01) I setup the swap01 with encrytion and is 1/2 of my total swap
needed (4 GB of RAM total swap = 5 GB, 2.5GB swap01 + 2.5 GB swap02). Is
this what you call mult-layed encryption? I saw that briefly mentioned
in either the Aug 2009 or Sept 2009 archives. Am I wrong for doing that?
Third, I've been reading the discussion on the different encryption
ciphers from the Aug 2009 archive and am thinking of using
serpent-cbc-essiv:sha256. Would this be suitable for a 1TB drive? I'll
be doing this manually so would I 1st create the partition with fdisk
then the luksFormat finally doing the vgcreate and lvcreate. I'll be
doing 2 seperate 1TB drives at the same time set up as separate VGs. One
of them will also have an LV for swap02 which I was planning to
additionally encrypt. Would this be wrong?
Finally, as mentioned in the second paragraph, I have /var as seperate
LV which is within an encrypted VG. The LV is not additionally
encrypted, I had to expand the LV using free space from the 1st VG. I
did it through the GUI for LVM2. It never indicated any errors during
the process and it appears now to have access to the full size of the
expanded LV. However, I now get an error on boot referring to the LV
that /var resides on. Does anyone know the proper way to use e2fsk? I
tried shutting down to single user and unmounting the LV so that I could
execute "e2fsck -VCa mapped-device", but I wasn't able to unmount the LV.
Sory for the long winded post and for going all over the place, but they
are sort of inter-related and I'm trying to straighten them out all
together.
next reply other threads:[~2010-03-06 17:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-06 17:45 Scott Castaline [this message]
2010-03-06 19:25 ` [dm-crypt] Need some suggestions on large drives Milan Broz
2010-03-07 1:27 ` Scott Castaline
2010-03-06 20:27 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B9294CC.10501@gmail.com \
--to=skotchman@gmail.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.