On 04/15/2015 08:01 AM, ken wrote:
> What options or features does one get by putting the LUKS container in a
> partition rather than putting it on a raw drive?

I am not aware of any technical advantages or disadvantages of LUKS on a
raw drive vs. LUKS on a partition. For me, it's more a matter of
personal habit/psychology in the face of several computers, many
drives, and changing conditions over the years.

Prior to running encrypted drives, I used to wipe (zero) drives when I
took them out of service. Since migrating to LUKS partitions, sometimes
I wipe, sometimes I shred, and sometimes I just put the drive aside. So
now when I grab a spare drive off the shelf, I look for a partition table:

1. If the first megabyte has been zeroed:

2015-04-15 08:54:44 root@t2250 ~
# dd if=/dev/zero of=/dev/sdc bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 1.10429 s, 950 kB/s
2015-04-15 08:56:11 root@t2250 ~
# parted /dev/sdc u s p free
Error: /dev/sdc: unrecognised disk label

2. If the first megabyte has been filled with random numbers:

2015-04-15 08:56:14 root@t2250 ~
# dd if=/dev/urandom of=/dev/sdc bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.459263 s, 2.3 MB/s
2015-04-15 08:56:41 root@t2250 ~
# parted /dev/sdc u s p free
Error: /dev/sdc: unrecognised disk label

3. If the raw drive has a LUKS container:

2015-04-15 08:56:54 root@t2250 ~
# cryptsetup luksFormat /dev/sdc
WARNING!
========
This will overwrite data on /dev/sdc irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
2015-04-15 08:57:49 root@t2250 ~
# parted /dev/sdc u s p free
Error: /dev/sdc: unrecognised disk label

Note that the output of parted is the same for all three cases --
"Error: /dev/sdc: unrecognised disk label". So, if the drive had a raw
LUKS container, I'd mistake it as zeroed or shredded, and proceed to
destroy the data.

If the drive has a partition table and one large partition with a LUKS
container:

2015-04-15 08:57:52 root@t2250 ~
# parted /dev/sdc mklabel gpt
Information: You may need to update /etc/fstab.
2015-04-15 09:00:00 root@t2250 ~
# parted /dev/sdc mkpart primary 0% 100%
Information: You may need to update /etc/fstab.
2015-04-15 09:00:32 root@t2250 ~
# cryptsetup luksFormat /dev/sdc1
WARNING!
========
This will overwrite data on /dev/sdc1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
2015-04-15 09:00:48 root@t2250 ~
# parted /dev/sdc u s p free
Model: SanDisk SanDisk Cruzer (scsi)
Disk /dev/sdc: 7913471s
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number  Start     End       Size      File system  Name     Flags
        34s       2047s     2014s     Free Space
 1      2048s     7911423s  7909376s               primary
        7911424s  7913437s  2014s     Free Space

Now '/dev/sdc u s p free' shows a partition table with an entry, so I
would be prompted to figure out what is in that partition. LUKS? LVM?
ZFS? Something else? Better not stomp on it just yet...

David
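
The three cases that parted reports identically in the message above can be told apart by reading the first bytes of the drive. The following read-only check is an added example, not part of the original message; the function names, the constructed image files and the 512-byte sector assumption are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Read-only: never writes to the target.

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# classify_start FILE: print luks, gpt, mbr, zeroed or unknown.
classify_start() {
    # LUKS1 and LUKS2 headers both start with the magic "LUKS" 0xBA 0xBE.
    if [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ]; then echo luks; return; fi
    # GPT header signature "EFI PART" at LBA 1 (assumes 512-byte logical sectors).
    if [ "$(hex_at "$1" 512 8)" = "4546492050415254" ]; then echo gpt; return; fi
    # MBR boot signature 0x55 0xAA at offset 510.
    if [ "$(hex_at "$1" 510 2)" = "55aa" ]; then echo mbr; return; fi
    # First MiB all zero bytes: nothing is left after deleting NULs.
    if [ "$(head -c 1048576 "$1" | tr -d '\000' | wc -c)" -eq 0 ]; then
        echo zeroed; return
    fi
    # Random fill, plain dm-crypt and detached-header LUKS all land here,
    # so "unknown" does not mean the drive is safe to reuse.
    echo unknown
}

# Constructed sample images standing in for drives off the shelf.
demo() {
    d=$(mktemp -d) || return 1
    head -c 1048576 /dev/zero > "$d/zeroed.img"
    head -c 4096 /dev/zero | tr '\000' 'X' > "$d/filled.img"   # non-zero filler
    { printf 'LUKS\272\276\000\001'; head -c 4088 /dev/zero; } > "$d/rawluks.img"
    { head -c 512 /dev/zero; printf 'EFI PART'; } > "$d/gpt.img"
    for f in zeroed filled rawluks gpt; do
        printf '%s: %s\n' "$f" "$(classify_start "$d/$f.img")"
    done
    rm -rf "$d"
}
demo
```

On a real system, `cryptsetup isLuks` on the device performs the LUKS header check directly; the function above additionally separates the zeroed case from everything else.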