[clug] Ubuntu encrypted file systems

Jack Kelly endgame.dos at gmail.com
Wed Aug 19 01:34:15 MDT 2009 

On Wed, Aug 19, 2009 at 4:17 PM, Ian McLeod<ianmcleod75 at gmail.com> wrote:
> Jack Kelly wrote:
>>
>> I made a 256mb /boot and put everything else on a crypto fs. I put a
>> LVM volume on that, made a volume group containing a swap LV and a
>> root LV. Hibernate works (I just tried while typing this post).
>>
>> I'm not sure if the guided encrypted LVM option would work.
>>
>> -- Jack
>>
>
> Excellent - so you have a functioning hibernate and suspend with an
> encrypted /var /tmp /home /swap configuration?  Although you had to do this
> from install using the alternate install disk?  It seems migration is not
> advisable.

I suspect migration isn't advisable if you don't know what you're
doing. I thought I had it worked out, and I was mistaken.

I believe what happens (kernel gurus correct me please) is that the
hibernate process writes the system state to the swap partition.

I have the swap partition as a logical volume in the same volume group
as my root partition. This means that it can be decrypted by the same
passphrase, so I still only have to type it once on boot. I'm not sure
what the guided partitioner's LVM+crypto option does. If it puts the
swap on its own partition encrypted by a randomly generated key, then
it's not going to work, because the system can't see the hibernation
data on the next boot.

In summary:
/dev/sda2 is a physical volume for crypto, decrypted to /dev/mapper/sda2_crypt
/dev/mapper/sda2_crypt is a physical volume for LVM.
"xubuntu" is a LVM volume group containing /dev/mapper/sda2_crypt and
nothing else. It contains 2 logical volumes: swap (3GB) and root
(ext4, mounted with default options).

> What system are you using and any overhead noticeable?  Apparently even an
> Atom CPU (netbook) can work quite happily with filesystem level encryption
> with plenty of RAM (this netbook has 2GB) for caching.

I'm happy with it and I think I'm pretty fussy about performance. I'm
using an Acer Aspire One (1.6GHz atom, 120GB hdd, 1.5GB RAM). Resume
from hibernate does take a while, though.

Good Luck!

-- Jack

More information about the linux mailing list