[dm-crypt] Protection against data failure
mbroz at redhat.com
Wed Aug 10 10:43:34 CEST 2011
On 08/10/2011 10:14 AM, Sun_Blood wrote:
> Lucky I see that cryptsesetup has the luksHeaderBackup function. (LVM
> also have a similar function).
> My question here is if I accidental overwrite the first 5% of the disk
> could I with this option restore and access the 95% rest of the system
Just short answer: both (luksHeaderBackup for LUKS and vgcfgbackup for LVM)
create backup of _metadata_ not the data.
With these backups you are able to recover LVM over LUKS mappings.
Take is as backup of /etc with configuration of your system - it is good
idea to regularly backup system config.
But it says nothing about data on volumes itself. So it is obviously not replacement
for normal data backup, just prerequisite.
> And I final question. The output from luksHeaderBackup how sensitive
> is that information? Is it like handing somebody my password if I
> store it on a local unencrypted disk?
It is written in man page. To decrypt drive you need LUKS header (or backup
of it - even old with old keyslots) AND passhprase to some keyslot in it.
LUKS header backup is basically just image of start of the disk - you
can create similar backup using dd.
More information about the dm-crypt