Differences

This shows you the differences between two versions of the page.

--- linux:fs:luks [2017/07/07 22:54] – [Fill with random data] niziak
+++ linux:fs:luks [2021/02/17 08:51] (current) – niziak
@@ Line 1: / Line 1: @@
-[[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system|https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system]]
+[[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system|https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system|dm-crypt/Encrypting an entire system]]
 ====== LUKS on LVM vs LVM on LUKS ======
@@ Line 8: / Line 8: @@
   - good for multiuser environment
   - root system can be on unencrypted partition (no password to boot). The same can be achieved with LVM on LUKS on separate partition.
+  - Volumes can span on multiple drives
+  - LVM cache is caching encrypted data (no unecnrypted data leak to cache device).
+    - one common SSD cache device can be used if you have encrypted (data) and unecrypted (system) partitions on LVM
 LVM on LUKS (preffered)
@@ Line 15: / Line 18: @@
   - one unlock of block device give access to all LVM volume created on it.
   - it is easier to change volumes sizes without touching encryption layer
+  - LVM cache is caching decrypted data
+    - workaround: encrypt also cache device, but for mixed setup (unencrypted and crypted partition) it is need to divide cache device into 2 volumes to serve unencrypted cache for system (no need to provide unlock password).
 ====== Performance ======
@@ Line 87: / Line 92: @@
 <code>
 cryptsetup open --type plain /dev/sda5 tempcontainer
-dd if=/dev/zero of=/dev/mapper/tempcontainer bs=64k
+dd if=/dev/zero of=/dev/mapper/tempcontainer bs=64M
 cryptsetup luksClose tempcontainer
 </code>

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences