Linux: Encryption of a physical LVM volume doesn't imply encryption of its logical subvolumes?
Posted
by
java.is.for.desktop
on Server Fault
See other posts from Server Fault
or by java.is.for.desktop
Published on 2010-06-22T11:33:32Z
Indexed on
2010/12/30
9:56 UTC
Read the original article
Hit count: 220
Hello, everyone!
I installed OpenSuse one year ago on my notebook. I created all partitions except /boot
inside an LVM partition. I enabled encryption for it during setup. The system asked me a password on each boot later. Everything seemed fine...
But one day I wanted to cancel the boot process and did it with SysRq REISUB
. During entering this combination, the system suddenly continued to boot without any password being entered. I had no /home
and no swap
, but /
was mounted! I checked multiple times, it was inside an "encrypted" physical LVM volume.
Later I found out that OpenSuse can't encrypt /
at all. There is an option to enable encryption for each logical volume, and indeed it fails for /
.
Later I tried Fedora. The options during partitioning were misleading by same means. I could enable "encryption" of a physical volume and each logical subvolume. With the exception that Fedora actually allowed to encrypt /
.
Question: What's the point of setting up "encryption" for a physical LVM volume, when it doesn't imply (real) encryption of its logical subvolumes? Did I get something wrong in this whole concept?
© Server Fault or respective owner