Luks on md device or lvm

New to Debian (Or Linux in general)? Ask your questions here!

Luks on md device or lvm

Postby alikzn101 » 2020-10-16 22:18

Hi Guys

Which is the better option to follow, to encrypt the md device or to have encryption on the LVM ? I can see an option to apply encryption on the LVM but not on the md device in the installer.

thanks
Al
alikzn101
 
Posts: 8
Joined: 2020-10-09 01:06

Re: Luks on md device or lvm

Postby sickpig » 2020-10-16 22:28

alikzn101 wrote:md device

What is that?
User avatar
sickpig
 
Posts: 575
Joined: 2019-01-23 10:34

Re: Luks on md device or lvm

Postby alikzn101 » 2020-10-16 23:19

sickpig wrote:
alikzn101 wrote:md device

What is that?


RAID
alikzn101
 
Posts: 8
Joined: 2020-10-09 01:06

Re: Luks on md device or lvm

Postby p.H » 2020-10-17 07:46

alikzn101 wrote:Which is the better option to follow, to encrypt the md device or to have encryption on the LVM ?

Do you mean use the RAID array /dev/md* as a LUKS device and use the resulting encrypted volume /dev/mapper/md*_crypt as an LVM physical volume vs use an LVM logical volume /dev/vg/lv as a LUKS device ? Or do you mean using either LVM or md RAID, not both combined ? It depends on your needs and use case for using RAID and LVM.

As a general rule, is is more convenient to use as few LUKS devices as possible because a passphrase must be provided to open each device.

If you have several LVs and want some to be encrypted and some unencrypted, then you must use LVs as LUKS devices.
If you have one PV and want all LVs to be encrypted, it is simpler to use an encrypted volume as the PV.
If you have multiple PVs and one LV, it is simpler to use the LV as a LUKS device.
If you have (or plan to have) multiple PVs and multiple LVs all encrypted, you can set up two-layer LVM :
- one primary unencrypted VG using physical devices and containing one LV used as a single LUKS device
- the resulting encrypted device used as a PV for a secondary VG containing the LVs.
This way you can spread the encrypted VG over multiple devices without creating multiple LUKS devices.

alikzn101 wrote:I can see an option to apply encryption on the LVM but not on the md device in the installer.

For this you must use manual partitioning.
p.H
 
Posts: 1489
Joined: 2017-09-17 07:12


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable