[dm-crypt] Protection against data failure

Sun_Blood sblood at gmail.com
Wed Aug 10 10:14:37 CEST 2011

Hi DM-crypt

I have done some Googling and read your FAQ(great info) but I'm still
a bit confused so I hope somebody have time to answer a few questions.

I have recently started using dm-crypt and LVM finally taking a leap
in to the feature of disk handling. But now when I'm not using the
normal old partitions system with "one disk one partition" and the
disk itself are getting bigger there is a lot more data that could be
lost in a error. And with a big encrypted LVM I feel that some sort of
backups are necessary.

So how can I protect my self from loosing all my data? My system today
looks like this
sdb1 -> lvm -> dm_crypt -> filesystem
So by adding mirror raid I'm guessing that I protect my self from
hardware failure. sd[b-c]1 -> Raid -> LVM -> dm_crypt -> filysystem.
So far are I correct or am I missing something?

The above solution saves me from a broken disk but it can't protect me
from my self right(the biggest danger to a system: The user)? If I
accidental do a dd /dev/zero /dev/raid then all will be lost because
the raid will mirror even my mistakes?
Lucky I see that cryptsesetup has the luksHeaderBackup function. (LVM
also have a similar function).
My question here is if I accidental overwrite the first 5% of the disk
could I with this option restore and access the 95% rest of the system
Or is this the wrong approach maybe a CoW setup would be the solution?

What I'm looking for is a way to protect the system from myself.
Hardware is one way and with that I can protect myself against
hardware failure good enough with raid and SMART disk.
But if I accidental overwrite the first part of the disk or some other
important part can I protect myself from that?

And I final question. The output from luksHeaderBackup how sensitive
is that information? Is it like handing somebody my password if I
store it on a local unencrypted disk?

Thanks in advance for any answers! =)

More information about the dm-crypt mailing list