I have a laptop I'd like to set up like this: partition 1: MS Windows (already there) partition 2: / or maybe just /boot parition 3: LVM group I want to create different logical volumes out of the LVM group, and encrypt some of them.
Is this possible? I ran into trouble trying to do it (see report #450812), and can't tell clearly if it's supposed to work. Reasons to think no: 1. The development version of the installation guide at http://d-i.alioth.debian.org/manual/en.i386/ch06s03.html#di-partition in section 6.3.2.1 only discusses the case in which you selected encrypted LVM, apparently applying to the whole volume. E.g., "When using LVM or encrypted LVM, the installer will create most partitions inside one big partition" 2. Although early discussion says "First you will be given the opportunity to automatically partition either an entire drive, or available free space on a drive," the later discussion of guided partitions sounds as if it will wipe out the whole drive: "When using encrypted LVM, the installer will also automatically erase the disk by writing random data to it"; "If you choose guided partitioning using LVM or encrypted LVM, some changes in the partition table will need to be written to the selected disk while LVM is being set up. These changes effectively erase all data that is currently on the selected hard disk" I read this as saying any use of LVM with guided partitioning will wipe out everything on the disk; I hope that is not what really happens. 3. The discussion of manual partitioning later in 6.3.2.1 has nothing indicating partial encryption is possible with LVM. 4. Section 6.3.2.4 says "In the Partition settings menu, you need to select physical volume for encryption at the Use as: option." In LVM "physical volume" differs from "logical volume." I want to encrypt the latter. The (development) graphical installer itself used the "physical volume" terminology. Reasons to think yes: 1. 6.3.2.4 says "To use encryption, .... Another option is to choose an existing partition (e.g. a regular partition, an LVM logical volume". Unfortunately, this sentence is immediately followed by the one quoted in point 4 above. 2. That would be a sensible way for the world to be. If encryption is a layer, it shouldn't care if it's sitting on top of a virtual or physical partition/disk. The items cited under "no" might just be sloppy or old language. http://www.debian.org/releases/stable/debian-installer/index#errata says the graphical installer (which is what I used) has limited support for encrypted volumes. The development installation manual only mentions a problem generating random keys, and the development installer I ran did offer them as an option. Since random keys only make sense for swap, and since they disable suspend to disk, I don't want to use them anyway. Of course, maybe the overhead of encrypting all the LVM volume is minor, and I should just go ahead and do that. I assume that if I encrypt volumes separately I'll need to enter a password for each one each time I start, which is a pain (but maybe it will try the first response on later volumes?). The laptop has an Intel Core 2 Duo T7300, 2GHz. Thanks for any help you can offer. Ross Boylan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
