Linux: Encryption of a physical LVM volume doesn't imply encryption of its logical subvolumes?

Posted by java.is.for.desktop on Server Fault
Published on 2010-06-22T11:33:32Z Indexed on 2010/12/30 9:56 UTC

Hello, everyone!

I installed openSUSE one year ago on my notebook. I created all partitions except /boot inside an LVM partition. I enabled encryption for it during setup. The system asked me for a password on each boot afterwards. Everything seemed fine...

But one day I wanted to cancel the boot process and did it with SysRq REISUB. While I was entering this combination, the system suddenly continued to boot without any password being entered. I had no /home and no swap, but / was mounted! I checked multiple times; it was inside an "encrypted" physical LVM volume.

Later I found out that openSUSE can't encrypt / at all. There is an option to enable encryption for each logical volume, and indeed it fails for /.

Later I tried Fedora. The options during partitioning were misleading in the same way. I could enable "encryption" of a physical volume and each logical subvolume. With the exception that Fedora actually allowed me to encrypt /.

Question: What's the point of setting up "encryption" for a physical LVM volume, when it doesn't imply (real) encryption of its logical subvolumes? Did I get something wrong in this whole concept?
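
One way to check what the question is about, as an added example that is not part of the original post: it parses the JSON printed by `lsblk --json -o NAME,TYPE,MOUNTPOINT` and reports, per mount point, whether a dm-crypt (`crypt`) device sits anywhere in the stack beneath it. The sample layout and all device names are constructed for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output (not from
# the post): /boot is a plain partition, / is an LV directly on the PV, and
# /home and swap are LVs that each carry their own dm-crypt mapping.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "system-root", "type": "lvm", "mountpoint": "/"},
      {"name": "system-home", "type": "lvm", "mountpoint": null, "children": [
        {"name": "cr_home", "type": "crypt", "mountpoint": "/home"}]},
      {"name": "system-swap", "type": "lvm", "mountpoint": null, "children": [
        {"name": "cr_swap", "type": "crypt", "mountpoint": "[SWAP]"}]}
    ]}
  ]}
]}
"""


def encryption_report(lsblk_json):
    """Map each mount point to True if a 'crypt' device is in its ancestry."""
    report = {}

    def walk(node, under_crypt):
        # A mount is encrypted only if some layer from the disk down to the
        # mounted device is a dm-crypt mapping (lsblk TYPE "crypt").
        under_crypt = under_crypt or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount:
            report[mount] = under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return report


def unencrypted_mounts(lsblk_json):
    """Return the sorted mount points that have no dm-crypt layer below them."""
    report = encryption_report(lsblk_json)
    return sorted(m for m, encrypted in report.items() if not encrypted)


if __name__ == "__main__":
    for mount, encrypted in sorted(encryption_report(SAMPLE_LSBLK).items()):
        print(f"{mount:8} {'encrypted' if encrypted else 'PLAINTEXT'}")
```

On a live system, feed it the real `lsblk` output instead of the sample; any mount point returned by `unencrypted_mounts` is stored in the clear regardless of what the installer's partitioning dialog suggested.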
