[dm-crypt] help mounting partitions in an encrypted disk after first reboot

Arno Wagner arno at wagner.name
Sun Jun 18 17:51:32 CEST 2017


On Sun, Jun 18, 2017 at 17:25:41 CEST, Carl-Daniel Hailfinger wrote:
> On 18.06.2017 09:25, Michael Kjörling wrote:
[...]
> That (LVM inside a LUKS container) is the standard scheme proposed by
> Ubuntu for an encrypted installation. It works out of the box (needs
> just a single click in the Ubuntu installer), is well-tested and
> supports resizing the encrypted logical volumes at a later date.

But keep in mind that it makes things a lot more complicated,
hence violating KISS. It is easier for doing fully automated 
stuff, like a distro-installer would do, but as soon as you 
do things manually, LVM is more of a problem than a solution.

We have had many people here on the list that killed their
LUKS containers by overwriting the headers with LVM or
as a result of LVM misconfiguration and we had others that
managed to change the LVM setup and then were unable to
find their LUKS containers afterwards.
 
My advice would be to stay away from LVM. In this scenario
it does not do more than a "partprobe" would do and it has
no advantages. It is a case of something that looks simple,
but is not, and that is the worst kind. If the ritual fails
(and complex things that look simple are usually done by
ritual, not by understanding), you are screwed.

Of course, in the Windows-world, that approach is standard
and it has been creeping into Linux for a while now (see,
e.g. systemd, LVM, udev, etc.). This is probably due to people
coming into the Linux community that never understood what
the problem with the Windows-approach is.

Sorry for the rant, I just ran into a problem with udev 
(again) an hour ago that makes me want to rip this whole
crappy "automess" stuff out. 

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

