On Tue, Jul 19, 2011 at 12:27 AM, Bruno Wolff III <br...@wolff.to> wrote:
> On Mon, Jul 18, 2011 at 23:02:00 +1000, > yudi v <yudi....@gmail.com> wrote: > > > > I did not know that, I was under the impression once the encryption > > container is open all the data in that container is decrypted. > > No. That wouldn't be practical. Blocks are decrypted as needed. > > > It might be a significant savings if you are doing snapshots or the > like > > > when LVM is manipulating the data opaquely. The encrypted data can be > > > copied around without having to decrypt it. > > > > > > > I guess you mean LV's can be moved around not the data per se. > > From the LVs point of view the data is opaque. So if some of the data > needs to be moved around it would not need to be decrypted first. If the > LV is on an encrypted device (instead of containing one), then any work > with the LV would need to be encrypted or decrypted as appropriate. So > There could be savings when you are manipulating the LVs. > > > I was playing with Debian and tried this method with even the /boot in > the > > LVM as GRUB2 can handle booting straight from the LVM but it fails when I > > try to have encryption on top of the LVM. Without encryption it works > just > > fine. > > Fedora has the same limitation. /boot cannot be encrypted and there are > some > limitations on file systems (though I think the normal ones will all work) > and raid (BIOS supported raid should work as well as software raid 1 where > the meta data is at the end of the partition). I am not sure what the > status of lvm support for /boot in Fedora. > It's not the limitation of Fedora, it's GRUB legacy, GRUB2 can handle the /boot partition in the LVM. /boot still cannot be encrypted. Debian Squeeze comes with GRUB2 thats why I was trying to move the /boot partition to the LVM and encrypt /,/home, and swap LVs. -- Kind regards, Yudi
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
