On 12/18/2014 11:08 AM, Vojtěch Zeisek wrote:
Dne Čt 18. prosince 2014 11:00:52, Anton Aylward napsal(a):
On 12/18/2014 10:43 AM, Stanislav Baiduzhyi wrote:
I would like to reformat my /home to btrfs, and I need it encrypted. But YaST disables the checkbox as soon as Btrfs is selected. Is there some particular reason for that?
I believe this has come up in the past. Some sites recommend not using the BtrFS own encryption for a variety of reasons. As I understand it, this is why suse has it disabled.
What are the reasons? I haven't heard about it.
Go Google !
If you want an encrypted partition, regardless of the file system, d what I do: make use of LVM. Its stable and well proven and reliable. Encrypt the partition _underneath_ the file system.
Yes, but Btrfs practically has LVM functionality, so it seems little bit weird to have LVM practically twice - it's just higher chance of corruption...
If you have either of the 'raw on the disk' there is similar functionality. *SIMILAR*, in that, for example, they can be made to extend of many spindles. That doesn't apply here. If you have BtrFS on a _single_ LVM partition as I do, that is not an issue.
BTW, there is little bug when creating encrypted LVM: https://bugzilla.opensuse.org/show_bug.cgi?id=908073
You don't seem to be describing a problem with an encrypted LVM. You seem to be repeating your YAST-level problem with BtrFS and encrypting BtrFS. PVCREATE - the command for creating a LVM -- doesn't have the option to make the whole LVM encrypted, where as you can make a BtrFS 'on the raw' encrypted. Of course you can encrypt the whole disk or the whole partition under any file system you apply, or play games with LUKS and the file system, but that's another matter. In neither case are you using the encryption ability of BtrFS or LVM. You could do LUKS-encrypt with *any* file system. Perhaps its that I don't use YAST for creating LVM, creating (possibly encrypted) LVM partitions, or for creating BtrFS file systems. I do them all from the command line so that I have absolute control over the parameters and see what the real error messages are. Why don't you try that? YAST has, obviously, a lot of limits. The system as a whole seems to have evolved beyond the capability that YAST is left with, which is a shame because YAST used to be the great 'selling point' of Suse. Think of it as a crutch for people who can use the command line. http://www.cryptonomicon.com/beginning.html http://www.linuxbsdos.com/2014/01/16/manual-full-disk-encryption-setup-guide... https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LU... https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LV... http://www.linuxbsdos.com/2011/05/10/how-to-install-ubuntu-11-04-on-an-encry... Note: "With the LVM partition created, we now want to specify that the partition is to be encrypted." Encryption is at the parition level. http://blog.philippbeck.net/linux/archlinux-install-encryption-lvm-luks-grub... -- Prosince -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org