On Sat, Mar 29, 2014 at 7:49 PM, Patrick Bartek <bartek...@yahoo.com> wrote:

>
> Did a couple of trial installs of Wheezy in VirtualBox in anticipation of
> the real thing on an as yet to be purchased notebook, and noticed something
> puzzling with the Guided-Encrypted-LVM partitioning option. (I've never
> done encryption on my systems before.)  The installer used a "classic"
> Extended partition, i.e. sda5, instead of a Primary one on which to place
> the LVMs: /, swap, /home.  /boot was a Primary, as expected.  Seems like an
> unneeded use of a logical partition layer on which to place another layer
> of logical partitions.
>
> Any valid reason for doing this?
>

Not that I have found. What you propose is exactly how I do mine. I have a
roughly 512MB /boot on sda1 and the rest of the drive on sda2, which
contains my encrypted partition, within which I put my LVM.


>
> I'd prefer just two Primary partitions: /boot, and the balance of the
> drive for the encrypted LVM partitions. Any reasons for not doing it that
> way?
>

It has worked great for many years for me. I've been running this config or
one similar to it (I used to put a separate swap partition, but the last
nuke and pave, I figured putting the swap partition within the LVM works
better and you only have to encrypt one filesystem). I've been running
LUKS-encrypted partitions since, oh, 2005 or 2006, I think. It's been a
while.

I don't know about your use cases, but here is something that you might be
interested in:

http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/

This can be fairly easily set up, but protect the script (encrypted thumb
drive works), as your encryption passphrase is contained within the script,
but if you are dealing with a remote server, you may wish to consider it.

HTH,
--b


>
> Thanks.
>
>
> B
>
>