On Mon, Jul 18, 2011 at 23:02:00 +1000, yudi v <yudi.tux@xxxxxxxxx> wrote: > > I did not know that, I was under the impression once the encryption > container is open all the data in that container is decrypted. No. That wouldn't be practical. Blocks are decrypted as needed. > > It might be a significant savings if you are doing snapshots or the like > > when LVM is manipulating the data opaquely. The encrypted data can be > > copied around without having to decrypt it. > > > > I guess you mean LV's can be moved around not the data per se. >From the LVs point of view the data is opaque. So if some of the data needs to be moved around it would not need to be decrypted first. If the LV is on an encrypted device (instead of containing one), then any work with the LV would need to be encrypted or decrypted as appropriate. So There could be savings when you are manipulating the LVs. > I was playing with Debian and tried this method with even the /boot in the > LVM as GRUB2 can handle booting straight from the LVM but it fails when I > try to have encryption on top of the LVM. Without encryption it works just > fine. Fedora has the same limitation. /boot cannot be encrypted and there are some limitations on file systems (though I think the normal ones will all work) and raid (BIOS supported raid should work as well as software raid 1 where the meta data is at the end of the partition). I am not sure what the status of lvm support for /boot in Fedora. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
