Cryptsetup & luks

unijabnx2000

Am I a real member?

​

Joined

Jul 9, 2011

Location

NC

• Mar 30, 2014

• #1

When it comes to encryption & LVM... would it better to encrypt the physical volumes or the logical volumes?
Or would neither have an advantage over the other?

Thanks.

 

Automata

Destroyer of Empires and Use

​

Joined

May 15, 2006

• Mar 31, 2014

• #2

When I was running LUKS on my laptop, I encrypted the second partition (first was boot). In this encrypted container was the LVM objects. I found this was much easier to setup and work with.

Fairly sure there is an advantage to it, but it has been long enough that I can't recall. Check the Arch Linux wiki; I know they go over it in painful detail.

 

OP

unijabnx2000

Am I a real member?

​

Joined

Jul 9, 2011

Location

NC

• Mar 31, 2014

• Thread Starter
• #3

Id assume that its best to not automount the encrypted partitions at startup?

 

Automata

Destroyer of Empires and Use

​

Joined

May 15, 2006

• Mar 31, 2014

• #4

Can you explain your setup or what you want to do? The answer varies.

 

OP

unijabnx2000

Am I a real member?

​

Joined

Jul 9, 2011

Location

NC

• Mar 31, 2014

• Thread Starter
• #5

Dont really have a particular scenario. Im taking redhat I and Im on the chapter about luks, and I was wondering which was preferred/recommended.

 

Last edited: Apr 2, 2014

Automata

Destroyer of Empires and Use

​

Joined

May 15, 2006

• Mar 31, 2014

• #6

If you are referring to the main partition, then no, auto decrypting defeats the entire purpose of encrypting in the first place. If you had another drive that was encrypted, you could have it auto decrypt once the operating system is running. That would be ok.

 

OP

unijabnx2000

Am I a real member?

​

Joined

Jul 9, 2011

Location

NC

• Apr 2, 2014

• Thread Starter
• #7

HOw about this:
If you try to encrypt an extended partition(that contains one or more logical partitions) When you do the luksFormat, wouldnt that 'destroy' the logical partitions?

 

Automata

Destroyer of Empires and Use

​

Joined

May 15, 2006

• Apr 2, 2014

• #8

If you encrypt something that had data, you'd lose it, yes. LUKS doesn't convert the partition to encrypted.

 

OP

unijabnx2000

Am I a real member?

​

Joined

Jul 9, 2011

Location

NC

• Apr 2, 2014

• Thread Starter
• #9

So if i wanted to encrypt an extended partition; id encrypt it, open it, and then partition the mapped dev, then mkfs format that...correct?

 

Automata

Destroyer of Empires and Use

​

Joined

May 15, 2006

• Apr 2, 2014

• #10

Correct. Encrypt, open the encrypted partition, create LVM/filesystems.