Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for June 20, 2013
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Fedora and LVM
Posted Oct 31, 2012 20:02 UTC (Wed) by nteon (subscriber, #53899)
Posted Oct 31, 2012 22:37 UTC (Wed) by marcH (subscriber, #57642)
Can this be done without LVM? Dunno, maybe. In any case LVM looks like the standard way to do it: well documented, well supported, just works.
Posted Nov 1, 2012 1:38 UTC (Thu) by mstefani (subscriber, #31644)
Posted Nov 1, 2012 7:56 UTC (Thu) by marcH (subscriber, #57642)
Posted Nov 1, 2012 21:34 UTC (Thu) by mstefani (subscriber, #31644)
Posted Nov 1, 2012 23:55 UTC (Thu) by marcH (subscriber, #57642)
I'm not actually asking about the user interface or about how many times you type this or that but about the internal design. Once I understand the design I (we) will be able to draw my (our) own conclusions :->
Posted Nov 2, 2012 1:15 UTC (Fri) by lacos (subscriber, #70616)
/dev/sda1 is plaintext boot.
In experiment (a), /dev/sdb2 was handed to dm-crypt (--> /dev/mapper/luks-UUID), which was then formatted as the single PV in a VG, having three LVs (/, /home, and swap). In this case a single password is used.
In experiment (b), /dev/sdb2 was formatted as a single PV in a VG. Three LVs were created, individually encrypted with dm-crypt (using the same password), and then the three separate luks-UUID devices were formatted as /, /home, and swap. The boot process still only asks for "the" password once.
(Unfortunately, the real goal of this experimentation was not reached. The goal was to see if separately encrypting block devices (ie. in exp. (b)) would keep kcryptd from merging "request streams" targeting those separate devices, before they reach the IO scheduler. Alas, it's insufficient; as far as I understand, kcryptd instances (kernel threads?) are spawned per-CPU, not per-device, and whatever requests a given kcryptd instance issues looks same-origin to the IO scheduler, ie. serialized.
Even in experiment (b), an fsync() that follows a big, scattered write on "/" blocks a read request targeting "/home". I've seen stalls as long as 13 seconds on my laptop.
But it's my understanding that this is being worked on.)
Posted Nov 5, 2012 10:26 UTC (Mon) by mstefani (subscriber, #31644)
Posted Nov 1, 2012 21:01 UTC (Thu) by josh (subscriber, #17465)
Several encrypted partitions with one password and derived keys
Posted Nov 7, 2012 13:24 UTC (Wed) by emmi3 (subscriber, #62443)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds