Re: Make fully encrypted disk without LVM during install



Hi Jon,

The system on which you might want to read the disk will need to know
how to decrypt it. Do you anticipate hot-plugging it to a running
machine, or trying to boot from it?

In this situation I will have a disk which is used to boot one machine, but
does contain data that will be needed on another machine. That machine will
definitely not use this disk to boot from, but just as a data disk.

I know I could move the data around as an encrypted archive, but my customer
wants a solution where the data is only stored on one disk. And yes, they are
aware of the potential risks that brings with it. Still, that's how the want
it.

The convenience-partitioning-scheme offered by d-i which uses LVM and
encryption also creates a non-encrypted, non-LVM /boot partition, within
which the kernel and initramfs are stored. These are set up to
understand how to interpret both the encryption and LVM. I'm having
trouble seeing why LVM would be much more pain than encryption already
brings you, from a portable POV. (I suppose it's one fewer command to
type!)

Ever tried to put a fully encrypted disk with LVM in another machine, without
booting from it? If you boot from it there's almost no hassle at all. I know
it is possible to mount such a disk. I've used the scenario described at
http://canonical.org/~kragen/crypted-disk.html often enough. However, for this
sitation I need something a bit more userfriendly. Preferably a scenario where
my customer only needs to enter his password when mounting. That's why I
thought of leaving LVM out of the picture altogether. In this situation it has
no purpose at all, so why use it then?

Thanks for trying to help.

Grx HdV


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/201204041937.31311.hdv.jadev@xxxxxxxxx