Question on LVM and dm-crypt (Acer Aspire One).

If none of the more specific forums is the right place to ask

Question on LVM and dm-crypt (Acer Aspire One).

Postby Tolstoi21 » 2008-09-29 09:19

Hi,

I've read the Debian installation manual and other information on dm-crypt and LVM. I've never used either before, though I have used Linux and Debian for a few years and on many machines.

I bought the Acer Aspire One netbook, and I'm waiting Lenny to stabilize to try out dm-crypt and LVM on it. The idea is to partition the SSD for \boot (since dm-crypt needs this on a separate partition), rest of \, \home and swap space.

First two questions:
Is it true that if I put \, \home and swap on the same volume group and let dm-crypt handle them all, during bootup LUKS needs only one passphrase for all partitions?
Secondly, can someone verify that I can have an automatically encrypted swap space this way, since I would like to use swsuspend (I guess I'll be asked the same passphrase when I resume?)?

This whole setup is complicated by the fact that the Aspire One has only an 8GB internal SSD, and I will (permanently) stick an 8GB SD card on the other of the card slots for further storage.

So my last question is:
How does LVM handle the extra device? Since 8GB would make for an excessively large \ (sans \boot) and swap space, is it possible to extend \home across the physical devices in LVM?
Another, perhaps a much easier option (considering backups too), would be to use the rest of the internal SSD for a smallish \home and add the SD card as \extraspace (or something else out-of-the-spec like) and mount it under \home\username\extraspace. Is it possible to do this and still use dm-crypt---and have the two physical devices on the same volume group, thus having only one passphrase for the whole system?

Thank you in advance for any comments.
Tolstoi21
 
Posts: 197
Joined: 2007-05-14 11:34

Postby Absent Minded » 2008-10-14 19:22

I just have to comment that you are using the wron slash (\) it should be / for linux. I just though it was comical since you mention that you have been using linux for several years.

As for your problem I have no real idea but my post will bump yours into being active again so someone may see it.
Serving the community the best way I can.
Spreading the tradition of Community Spirit.
Please read some Basic Forum Philosophy
Give a man a fish, he eats for a day. Teach him how to fish, he eats for life.
Updated Nov. 19, 2012
User avatar
Absent Minded
 
Posts: 3758
Joined: 2006-07-09 08:50
Location: Washington State U.S.A.

Re: Question on LVM and dm-crypt (Acer Aspire One).

Postby infinitycircuit » 2008-10-14 20:44

Tolstoi21 wrote:Hi,

I've read the Debian installation manual and other information on dm-crypt and LVM. I've never used either before, though I have used Linux and Debian for a few years and on many machines.

I bought the Acer Aspire One netbook, and I'm waiting Lenny to stabilize to try out dm-crypt and LVM on it. The idea is to partition the SSD for \boot (since dm-crypt needs this on a separate partition), rest of \, \home and swap space.

First two questions:
Is it true that if I put \, \home and swap on the same volume group and let dm-crypt handle them all, during bootup LUKS needs only one passphrase for all partitions?
Secondly, can someone verify that I can have an automatically encrypted swap space this way, since I would like to use swsuspend (I guess I'll be asked the same passphrase when I resume?)?

This whole setup is complicated by the fact that the Aspire One has only an 8GB internal SSD, and I will (permanently) stick an 8GB SD card on the other of the card slots for further storage.

So my last question is:
How does LVM handle the extra device? Since 8GB would make for an excessively large \ (sans \boot) and swap space, is it possible to extend \home across the physical devices in LVM?
Another, perhaps a much easier option (considering backups too), would be to use the rest of the internal SSD for a smallish \home and add the SD card as \extraspace (or something else out-of-the-spec like) and mount it under \home\username\extraspace. Is it possible to do this and still use dm-crypt---and have the two physical devices on the same volume group, thus having only one passphrase for the whole system?

Thank you in advance for any comments.


1. yes, only one passphrase will be required.

2. yes, your swap is inside the encrypted volume so it should be encrypted.

3. as far as I know, part of the point of setting up encrypted lvm to is to have one passphrase for multiple physical devices, so I don't think that would be a problem.
I am currently a Debian Maintainer. I am also in the New Maintainers' Queue.
infinitycircuit
 
Posts: 1137
Joined: 2007-07-24 03:31
Location: California

Postby Tolstoi21 » 2008-10-15 10:27

Ok, thank you both (funny indeed that I got / wrong).

I'll try to test different setups this week on Lenny and see how much encryption actually impacts performance on the already slow SSD and purely software based AES on the intel atom. If someone cares I might post some of my feelings here (it's the same basic setup, CPU and chipset, as with the asus eee)
Tolstoi21
 
Posts: 197
Joined: 2007-05-14 11:34


Return to General Questions

Who is online

Users browsing this forum: No registered users and 19 guests

fashionable