Op vrijdag 8 januari 2010 13:40:00 schreef Γιώργος Πάλλας: > Stan Hoeppner wrote: > > Sjors van der Pluijm put forth on 1/8/2010 5:13 AM: > >> 3. Is it ok to have swap and /boot on an encrypted LVM? > > > > Never run encryption on swap. Doing so merely burdens performance. I > > doubt even NSA, CIA, MI6 encrypt swap partitions on workstations. > > > > I've never tried to boot from an encrypted /boot, so I really can't say > > if it would work or not. Why can't/won't you create 3 partitions? > > > > [boot] 100MB mounted as /boot normal ext2 > > [swap] 1-8GB mounted as normal swap partition > > [root] [remaining space] mounted as /root and encrypted however you like > > I run a couple of identical machines, some with full disk encryption > (i.e. everything including swap except /boot which you cannot encrypt) > and some where only home is encrypted with LUKS. Never noticed any > performance impact. I think that swap encryption is *mandatory* for the > reason of there being written many things that shouldn't in case they > are sensitive. And I guess this why the approach of the debian installer > should you choose to encrypt includes swap encryption. > > G. >
Ok, getting a clear picture here. I will have /boot en / on a seperate partition. The remainer will be encrypted and configured using LVM (/home, /tmp, /var and swap) Thanks! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
