Mike Hommey, 2010-09-23 17:14:01 +0200 :

> On Thu, Sep 23, 2010 at 11:50:26PM +0900, Osamu Aoki wrote:
>> On Thu, Sep 23, 2010 at 03:13:06PM +0100, Simon McVittie wrote:
>> ...
>> > By policy, we use full-disk encryption at my workplace (where full-disk
>> > really means "except the bootloader and /boot"). For a 2-year-old recipe
>> > for it, which I believe still mostly works with grub2, see
>> > http://smcv.pseudorandom.co.uk/2008/09/cryptroot/
>>
>> Can we maintain suspend/resume type-features with such configuration?
>>
>> Unless we use unencrypted swap, it seems we have to give up
>> suspend/resume. Then we a bit of loose security ....
>>
>> How people cope with this on laptop ... I am curious.
>
> You only need to give up *randomized* swap encryption. You can still
> have an encrypted swap, you just can't use a random key.

Indeed. My current setup is that sda1 is small, unencrypted and holds
/boot only. sda2 is the whole rest of the hard disk, and it's mapped to
a LUKS device used as a physical volume for LVM, and there are several
LVs on there, including those mounted as filesystems and one for swap.

Roland.
-- 
Roland Mas

In the kingdom of the blind, there are one-eyed men who must not be surpassed.
  -- in Soeur Marie-Thérèse des Batignoles (Maëster)
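
Added example, not part of the original thread: a small Python check over /etc/crypttab contents that separates the two cases discussed above, a swap mapping re-keyed from a random source at every boot (a hibernation image written to it cannot be read back) versus swap kept as an LV inside a passphrase-unlocked LUKS volume. The sample crypttab text, the mapping names and the sda3 device are constructed for illustration.

```python
# Added example: flag crypttab swap mappings that use a per-boot random key.
# Such a mapping gets a new key on every boot, so a suspend-to-disk image
# stored in it is unreadable on resume.
RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}

# Constructed sample: dedicated swap partition keyed from /dev/urandom.
RANDOM_SWAP = """\
# <target> <source device> <key file> <options>
cryptswap /dev/sda3 /dev/urandom swap,cipher=aes-xts-plain64,size=256
"""

# Constructed sample: the layout described in the message above. sda2 is one
# LUKS device used as an LVM PV; swap is an LV inside it, so it needs no
# crypttab entry of its own and shares the passphrase-protected key.
LUKS_LVM = """\
sda2_crypt /dev/sda2 none luks
"""


def parse_crypttab(text):
    """Return (name, device, keyfile, options) tuples for each entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, nothing to classify
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        entries.append((fields[0], fields[1], keyfile, options))
    return entries


def hibernation_unsafe_swap(text):
    """Names of swap mappings whose key is regenerated at every boot."""
    return [name for name, _dev, keyfile, opts in parse_crypttab(text)
            if "swap" in opts and keyfile in RANDOM_KEY_SOURCES]


if __name__ == "__main__":
    for label, sample in (("random-key swap", RANDOM_SWAP),
                          ("LUKS + LVM", LUKS_LVM)):
        print(label, "->", hibernation_unsafe_swap(sample) or "ok")
```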