On 01/12/10 12:02, Matthias Scheler wrote:
If I am to follow what you suggest, how do I go about creating full disk encryption or /home encryption that can grow as it needs more space? The issue with creating full disk encryption currently is you have to have a disklabel for each area you want to encrypt. Following the guide you can see they have an unencrypted root label that will decrypt the rest and have /home, /usr, /var ect.. encrypted. What I would like to see is to have a small '/boot' that contains the kernel and startup utilities to be booted from and then to encrypt the entire root filesystem. For this you would not need an LVM but I'm not sure how I would accomplish this since these files reside in /. Where the LVM would be handy is if you had the same setup '/boot' and then the rest of the disk '/' as a physical group with maybe one volume group of /home. You could choose to only encrypt the /home and grow/shrink it as you see fit within the LVM. Would this be possible?On Tue, Jan 12, 2010 at 10:13:28AM -0500, Charlie wrote:This is interesting. I've been going over this issue in my head for a while now. I understand both points but was wondering if you are someone could clear something up for me. If LVM is used on top of CGD it would seem the partitions would have to be already fixed, ...No, it wouldn't. The "cgd" device would just be a physical volume for LVM on which it can store data.For example how could I resize /home to add more space from the current disk?If you assing as much diskspace as possible to the "cgd" volume and use LVM to manage the encrypted disks space you have the desired flexibility. Kind regards
Charlie