On Sun, Jun 18, 2017 at 17:25:41 CEST, Carl-Daniel Hailfinger wrote: > On 18.06.2017 09:25, Michael Kjörling wrote: [...] > That (LVM inside a LUKS container) is the standard scheme proposed by > Ubuntu for an encrypted installation. It works out of the box (needs > just a single click in the Ubuntu installer), is well-tested and > supports resizing the encrypted logical volumes at a later date. But keep in mind that it makes things a lot more complicated, hence violating KISS. It is easier for doing fully automated stuff, like a distro-installer would do, but as soon as you do things manually, LVM is more of a problem than a solution. We have had many people here on the list that killed their LUKS containers by overwriting the headers with LVM or as a result of LVM misconfiguration and we had others that managed to change the LVM setup and then were unable to find their LUKS containers afterwards. My advice would be to stay away from LVM. In this scenario it does not do more than a "partprobe" would do and it has no advantages. It is a case of something that looks simple, but is not, and that is the worst kind. If the ritual fails (and complex things that look simple are usually done by ritual, not by understanding), you are screwed. Of course, in the Windows-world, that approach is standard and it has been creeping into Linux for a while now (see, e.g. systemd, LVM, udev, etc.). This is probably due to people comming into the Linux community that never understood what the problem with the Windows-approach is. Sorry for the rant, I just ran into a problem with udev (again) an hour ago that makes me want to rip this whole crappy "automess" stuff out. Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
