pe, 2010-06-04 kello 14:31 +0200, Philippe Cerfon kirjoitti: > Well,... I rethought the whole thing. > I still think that RAID should be at the bottom, but then we can have either: > a) disk-->RAID-->dm-crypt-->LVM-->fs > or > b) disk-->RAID-->LVM-->dm-crypt-->fs > > (a) seems to be more naturally, as LVM is (as you've said) directly > below the fs,.. but... if I now add new disk because I want to enlarge > the fs,... I'll end up in using at least different master keys, as > dm-crypt is below LVM, right? Yes, if you add it as a new physical volume for the LVM, you'd indeed have two separate dm-crypt devices to initialize. However, for some needs and configurations, you could simply reshape the underlying RAID to encompass the new media, and resize the existing encrypted physical volume. The Linux software raid stack supports reshaping of at least raid-5 and 6 configurations, IIRC (as well as raid-5 to raid-6 reshaping). > I start e.g. with /dev/sd[a-d],... putting the RAID/MD directly on > sd[a-d] or on sd[a-d]1? While you can use unpartitioned disks as Thomas said, I'd rather make them single partition in anticipation of some random tool or another getting confused about it. (Also, I'm not quite sure if the usual raid autoconfiguration works without type fd partitions, but it may be...) > I've noticed that discussion about TRIM and SSDs,... so I understand > that for now it is not supported. Correct, though there was that link on this list earlier to a patched wiper.sh script that you can, if you wish, run sometimes to clear away the unused areas. "Worked for me." > But should I now fill an SSD disk with random data before using it or > not? If you don't want people to know how much of the drive you have or have had in use, you should do this. (Note though that conceivably some such information _could_ be deduced by a resourceful attacker from the internal metadata of the SSD regardless, depending on what they store - being black boxes as far as we're concerned and all.) If you're less worried about that and wish your SSD to perform well while maximizing its lifetime (not that they're overly prone to fail quickly these days anyway), filling might be skipped, and trimming used (for now, only semi-automatically through said script). -- Mikko Rauhala <mjrauhal@xxxxxxxxxxxxxx> University of Helsinki _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
