Op vrijdag 8 januari 2010 12:26:37 schreef Stan Hoeppner: > Sjors van der Pluijm put forth on 1/8/2010 5:13 AM: > > 3. Is it ok to have swap and /boot on an encrypted LVM? > > Never run encryption on swap. Doing so merely burdens performance. I > doubt even NSA, CIA, MI6 encrypt swap partitions on workstations. Well, I might heave read wrong, but I thought the Debian installer warned me not to leave swap unencrypted while other partitions are encrypted. It makes sense too: sensitive content could easily be written to swap.
> I've never tried to boot from an encrypted /boot, so I really can't say if > it would work or not. Why can't/won't you create 3 partitions? > > [boot] 100MB mounted as /boot normal ext2 > [swap] 1-8GB mounted as normal swap partition > [root] [remaining space] mounted as /root and encrypted however you like Just found out that /boot should not be in LVM because bootloaders might not understand it. /boot unencrypted does not seem to be the end of the world. http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html > > -- > Stan > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
