From: Milan Broz
Date: Wed, 10 Aug 2011 10:43:34 +0200
Subject: Re: [dm-crypt] Protection against data failure
To: Sun_Blood
Cc: dm-crypt@saout.de
Message-ID: <4E4244B6.9020509@redhat.com>

On 08/10/2011 10:14 AM, Sun_Blood wrote:
> Lucky I see that cryptsetup has the luksHeaderBackup function. (LVM
> also has a similar function).
> My question here is if I accidentally overwrite the first 5% of the disk
> could I with this option restore and access the 95% rest of the system
> data?

Just a short answer: both (luksHeaderBackup for LUKS and vgcfgbackup for LVM)
create a backup of _metadata_, not the data.

With these backups you are able to recover LVM over LUKS mappings.

Take it as a backup of /etc with the configuration of your system - it is a good
idea to regularly back up system config. But it says nothing about the data on
the volumes themselves.

So it is obviously not a replacement for normal data backup, just a prerequisite.

> And a final question. The output from luksHeaderBackup how sensitive
> is that information? Is it like handing somebody my password if I
> store it on a local unencrypted disk?

It is written in the man page. To decrypt the drive you need the LUKS header (or
a backup of it - even an old one with old keyslots) AND the passphrase to some
keyslot in it.

A LUKS header backup is basically just an image of the start of the disk - you
can create a similar backup using dd.

See http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery

Milan
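
Added example, not part of the original mail and not cryptsetup's own code: a small parser for the LUKS1 on-disk header that lists what a header image or backup file holds (cipher settings, active keyslots, the offset where user data begins) and shows that none of it is volume data. The field layout is assumed to be the LUKS1 format in use when this thread was written, and the sample header is constructed, not taken from a real disk.

```python
import struct

# LUKS1 on-disk header layout (big-endian): 208-byte fixed part + 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC, SLOT_ACTIVE, SECTOR = b"LUKS\xba\xbe", 0x00AC71F3, 512


def cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(image: bytes) -> dict:
    """Summarise the metadata held in a LUKS1 header image or backup file."""
    if len(image) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(image, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, _s, km_off, _stripes = SLOT.unpack_from(image, PHDR.size + i * SLOT.size)
        if active == SLOT_ACTIVE:  # each active slot wraps the same master key
            slots.append({"slot": i, "iterations": iters, "km_sector": km_off})
    return {
        "cipher": f"{cstr(cipher)}-{cstr(mode)}",
        "hash": cstr(hash_spec),
        "key_bits": key_bytes * 8,
        "uuid": cstr(uuid),
        "data_starts_at_byte": payload_off * SECTOR,  # user data begins here
        "active_slots": slots,
    }


def constructed_header() -> bytes:
    """Constructed sample header (not from a real disk): slots 0 and 3 active."""
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        active = SLOT_ACTIVE if i in (0, 3) else 0x0000DEAD  # 0xDEAD = disabled slot
        hdr += SLOT.pack(active, 100000, bytes(32), 8 + i * 512, 4000)
    return hdr


if __name__ == "__main__":
    print(parse_luks1_header(constructed_header()))
```

Run against an old header backup, the active-slot list shows which keyslots (and therefore which old passphrases) that file would still accept.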