meta data for this page
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| linux:fs:luks [2021/02/17 08:25] – niziak | linux:fs:luks [2021/02/17 08:51] (current) – niziak | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | [[https:// | + | [[https:// |
| ====== LUKS on LVM vs LVM on LUKS ====== | ====== LUKS on LVM vs LVM on LUKS ====== | ||
| Line 9: | Line 9: | ||
| - root system can be on unencrypted partition (no password to boot). The same can be achieved with LVM on LUKS on separate partition. | - root system can be on unencrypted partition (no password to boot). The same can be achieved with LVM on LUKS on separate partition. | ||
| - Volumes can span on multiple drives | - Volumes can span on multiple drives | ||
| - | - LVM cache is caching encrypted data (no unecnrypted data leak to cache device) | + | - LVM cache is caching encrypted data (no unecnrypted data leak to cache device). |
| + | - one common SSD cache device can be used if you have encrypted (data) and unecrypted (system) partitions on LVM | ||
| LVM on LUKS (preffered) | LVM on LUKS (preffered) | ||
| Line 17: | Line 18: | ||
| - one unlock of block device give access to all LVM volume created on it. | - one unlock of block device give access to all LVM volume created on it. | ||
| - it is easier to change volumes sizes without touching encryption layer | - it is easier to change volumes sizes without touching encryption layer | ||
| + | - LVM cache is caching decrypted data | ||
| + | - workaround: encrypt also cache device, but for mixed setup (unencrypted and crypted partition) it is need to divide cache device into 2 volumes to serve unencrypted cache for system (no need to provide unlock password). | ||
| ====== Performance ====== | ====== Performance ====== | ||