<br><br>
<div class="gmail_quote">On Tue, Jul 19, 2011 at 12:27 AM, Bruno Wolff III <span dir="ltr">&lt;<a href="mailto:bruno@wolff.to">bruno@wolff.to</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">On Mon, Jul 18, 2011 at 23:02:00 +1000,<br>
<div class="im"> yudi v &lt;<a href="mailto:yudi.tux@gmail.com">yudi.tux@gmail.com</a>&gt; wrote:<br>><br></div>
<div class="im">> I did not know that, I was under the impression once the encryption<br>> container is open all the data in that container is decrypted.<br><br></div>No. That wouldn't be practical. Blocks are decrypted as needed.<br>
<div class="im">> > It might be a significant savings if you are doing snapshots or the like<br>> > when LVM is manipulating the data opaquely. The encrypted data can be<br>> > copied around without having to decrypt it.<br>
> ><br>><br>> I guess you mean LVs can be moved around, not the data per se.<br><br></div>From the LV's point of view the data is opaque. So if some of the data<br>needs to be moved around it would not need to be decrypted first. If the<br>
LV is on an encrypted device (instead of containing one), then any work<br>with the LV would need to be encrypted or decrypted as appropriate. So<br>there could be savings when you are manipulating the LVs.<br>
<div class="im"><br>> I was playing with Debian and tried this method with even the /boot in the<br>> LVM as GRUB2 can handle booting straight from the LVM but it fails when I<br>> try to have encryption on top of the LVM. Without encryption it works just<br>
> fine.<br><br></div>Fedora has the same limitation. /boot cannot be encrypted and there are some<br>limitations on file systems (though I think the normal ones will all work)<br>and RAID (BIOS supported RAID should work as well as software RAID 1 where<br>
the metadata is at the end of the partition). I am not sure what the<br>status of LVM support for /boot is in Fedora.<br></blockquote></div><br>It's not the limitation of Fedora, it's GRUB legacy; GRUB2 can handle the /boot partition in the LVM. /boot still cannot be encrypted. Debian Squeeze comes with GRUB2, that's why I was trying to move the /boot partition to the LVM and encrypt /, /home, and swap LVs.<br clear="all">
<br>-- <br>Kind regards,<br>Yudi<br><br>