It's up to you. I'd prefer LUKS/dmcrypt.
So do I. But I have a related concern:
I currently do ext4 <-> dm-crypt <-> linux-software-raid <-> hdds
However Linux Software Raid (mdadm) does not protect you from silent
data loss, because it does not store checksums in its metadata.
So what mdadm does is, it compensates for failed devices, or blocks, if
the device reports them as bad. But I can NOT correct data, that was
e.g. corrupted by the SATA controller or backplane.
See http://neil.brown.name/blog/20100211050355 "Smart or simple RAID
recovery??" for more information.
Btrfs (like ZFS) can be the solution here, as it stores CRC checksums
with all data and metadata. RAID5 with protection from silent data loss
is promised to be implemented in the future.
A setup on top of dm-crypt would look as follows:
btrfs <-> multiple dm-crypt partitions <-> multiple devices
However in the past I experienced very disappointing results, if raid is
running on top of dm-crypt partitions.
If I remove hdds from such a setup the dm-crypt partition won't
disappear. It won't propagate the error to the software raid on top of
it (not familiar with the implementation details, maybe mdadm is to
blame here).
And finally it won't even let itself be deleted without restart (I think
the last issue has been fixed in the meantime).
I urge the dm-crypt developers to improve this situation with raid on
top of dm-crypt, be it with mdadm or btrfs.
Solutions for other long-time annoying issues like insufficient
threading support, and the lack of discard support, would be appreciated
too. :P
I know the OSS paradigm is to provide patches yourself. Would you be
accepting patches?
Sincerely,
Markus
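
The difference the message above describes, between a mirror that only reacts to errors the device reports and a layer that keeps a checksum per block, as an added example that is not part of the original post. It is an in-memory model, not mdadm or btrfs code; the block size, the function names and the use of zlib's CRC-32 as the checksum are assumptions made for illustration.

```python
import zlib

BLOCK = 16  # bytes per block (assumption, kept small for readability)

def make_mirror(data):
    """Split data into blocks and store identical copies on two 'devices'."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [list(blocks), list(blocks)]

def plain_mirror_read(mirror, idx, reported_bad=frozenset()):
    """No checksums: trust the first copy whose device did not report an error."""
    for dev, copy in enumerate(mirror):
        if (dev, idx) not in reported_bad:
            return copy[idx]
    raise IOError("all copies reported bad")

def checksummed_read(mirror, sums, idx, reported_bad=frozenset()):
    """Verify every copy against the stored CRC, return a good one, repair the rest."""
    good, bad = None, []
    for dev, copy in enumerate(mirror):
        if (dev, idx) in reported_bad or zlib.crc32(copy[idx]) != sums[idx]:
            bad.append(dev)
        elif good is None:
            good = copy[idx]
    if good is None:
        raise IOError("no copy matches its checksum")
    for dev in bad:
        mirror[dev][idx] = good  # rewrite the damaged copy from the good one
    return good, bad

def demo():
    data = bytes(range(64))                      # constructed sample data, 4 blocks
    mirror = make_mirror(data)
    sums = [zlib.crc32(b) for b in mirror[0]]    # checksums taken at write time
    original = mirror[1][1]
    flipped = bytearray(mirror[0][1])
    flipped[3] ^= 0x01                           # silent single-bit flip on device 0
    mirror[0][1] = bytes(flipped)
    result = {
        "original": original,
        "plain_silent": plain_mirror_read(mirror, 1),
        "plain_reported": plain_mirror_read(mirror, 1, {(0, 1)}),
    }
    result["checksummed"], result["repaired_devices"] = checksummed_read(mirror, sums, 1)
    result["device0_after"] = mirror[0][1]
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

The plain mirror returns the flipped block unless device 0 reports the error itself, while the checksummed read returns the intact copy and rewrites device 0.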