Hi Jon, > The system on which you might want to read the disk will need to know > how to decrypt it. Do you anticipate hot-plugging it to a running > machine, or trying to boot from it?
In this situation I will have a disk which is used to boot one machine, but does contain data that will be needed on another machine. That machine will definitely not use this disk to boot from, but just as a data disk. I know I could move the data around as an encrypted archive, but my customer wants a solution where the data is only stored on one disk. And yes, they are aware of the potential risks that brings with it. Still, that's how the want it. > The convenience-partitioning-scheme offered by d-i which uses LVM and > encryption also creates a non-encrypted, non-LVM /boot partition, within > which the kernel and initramfs are stored. These are set up to > understand how to interpret both the encryption and LVM. I'm having > trouble seeing why LVM would be much more pain than encryption already > brings you, from a portable POV. (I suppose it's one fewer command to > type!) Ever tried to put a fully encrypted disk with LVM in another machine, without booting from it? If you boot from it there's almost no hassle at all. I know it is possible to mount such a disk. I've used the scenario described at http://canonical.org/~kragen/crypted-disk.html often enough. However, for this sitation I need something a bit more userfriendly. Preferably a scenario where my customer only needs to enter his password when mounting. That's why I thought of leaving LVM out of the picture altogether. In this situation it has no purpose at all, so why use it then? Thanks for trying to help. Grx HdV -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201204041937.31311.hdv.ja...@gmail.com
