On mardi, 18 octobre 2016 08.11:44 h CEST Anton Aylward wrote:
On 10/18/2016 01:31 AM, Bruno Friedmann wrote:
ok thank you, then it become less interesting for myself and use case than how things works with luks/lvm and ext4/xfs
You don't need LUKS to make use of LVM. Encrypting the whole disk is pretty heavy. if you do need encryption than you should look into whether you need to encrypt files, file systems or whole partitions.
If, for example, you need to protect keys, ssl keys for example, they generally live in one directory. You can encrypt that and only decrypt when actually needed.
Trust me, decrypting a whole disk that has crashed is ... difficult.
Trust me also the only way to not be catched and then be sorry, is encrypting the whole disk, so no leak at all ;-) With a modern xeon cpu and nvme pci ssd, you can't find real penality. (Was already true with my former laptop) One real big step forward on our openSUSE, will certainly be to have whole encryption disk and btrfs on top without lvm supported by yast. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org