LVM - questions
I'm new to LVM, and have been searching for material online, to become better informed. I'm also out of time and need to keep moving forward. So, here are my questions:
I am concluding a clean install of 15.04 to a 160GB hard drive box. At the drive setup screen in the install sequence, I opted for "Guided - use entire disk and setup encrypted LVM". When offered the option of an encrypted /home partition, I said NO (based on a thread I'd read on an Ubuntu forum, where things didn't work UNLESS the drive was set up this way).
My goal is that there be NO raw data on the drive which a thief could read, as I have client data to protect. That means that both system and /home areas need to be encrypted.
The problem is that the setup confuses me. If I have an "encrypted LVM" is or is not the entire hard drive encrypted? And if it is, then why am I offered the option of an encrypted /home?
I'd be very grateful for any clarifications on my situation anyone can offer.
===== UPDATE - for those who come after me! =====
FIRST: Here's a really fine general article about disk encryption - https://wiki.archlinux.org/index.php/Disk_encryption
An excellent reference and good place to start one's study, before getting too committed to any one approach. One revision to it however - I have it from very reliable sources that Truecrypt is no longer being maintained. I've used it, but do no longer, for this reason. I do think my current solution (see below) is far better.
1. GUI management of LVM volumes: Most documentation on LVM is about command line management. For example, see:
* "A simple introduction to working with LVM" - https://www.debian-administration.or...rking_with_LVM
* "Setup and use the Logical Volume Manager (LVM) on Debian" - http://howto.biapy.com/en/debian-gnu...-lvm-on-debian
* "LVM manager - graphical" - a forum thread about LVM management which looks useful; it's actually about command line management - http://www.linuxquestions.org/questi...phical-934846/
All of that is fine, but it's also too fine-grained for most needs, I expect - especially mine.
Here's a decent tutorial about using a GUI - * Linux Sysadmin: How To Manage LVMs With a GUI - http://www.howtogeek.com/howto/36568...-it-in-ubuntu/
There are two graphic management tools in the KB packages:
a. "kvpm" - the KDE graphic manager for LVM. It has a handbook which appears on my initial scan to be well developed.
b. "system-config-lvm" - from RedHat, it's been adapted to run in Ubuntu
I can't strongly recommend one over the other, as I've only just launched them both, but my initial impressions lead me to favor kvpm. It's GUI is well laid out, and plenty of useful options and an excellent R-click menu. For now, I'm going with kvpm.
2. Answer to my main question: Having selected the "Guided - use entire disk and setup encrypted LVM" option at disk setup, what did I actually get? Inasmuch as my single logical volume /dev/sda5, on the "storage devices" tab, has a usage designation of "crypto-LUKS", I'd bet that everything except /boot is encrypted, which is exactly what I wanted.
NOT selecting the encryption option for /home makes plenty of sense, now. It's already encrypted. I don't know if selected that option would have resulted in a double encryption, but I see no reason to gamble on it.
So, all's well. Am closing this thread.
I am concluding a clean install of 15.04 to a 160GB hard drive box. At the drive setup screen in the install sequence, I opted for "Guided - use entire disk and setup encrypted LVM". When offered the option of an encrypted /home partition, I said NO (based on a thread I'd read on an Ubuntu forum, where things didn't work UNLESS the drive was set up this way).
My goal is that there be NO raw data on the drive which a thief could read, as I have client data to protect. That means that both system and /home areas need to be encrypted.
The problem is that the setup confuses me. If I have an "encrypted LVM" is or is not the entire hard drive encrypted? And if it is, then why am I offered the option of an encrypted /home?
I'd be very grateful for any clarifications on my situation anyone can offer.
===== UPDATE - for those who come after me! =====
FIRST: Here's a really fine general article about disk encryption - https://wiki.archlinux.org/index.php/Disk_encryption
An excellent reference and good place to start one's study, before getting too committed to any one approach. One revision to it however - I have it from very reliable sources that Truecrypt is no longer being maintained. I've used it, but do no longer, for this reason. I do think my current solution (see below) is far better.
1. GUI management of LVM volumes: Most documentation on LVM is about command line management. For example, see:
* "A simple introduction to working with LVM" - https://www.debian-administration.or...rking_with_LVM
* "Setup and use the Logical Volume Manager (LVM) on Debian" - http://howto.biapy.com/en/debian-gnu...-lvm-on-debian
* "LVM manager - graphical" - a forum thread about LVM management which looks useful; it's actually about command line management - http://www.linuxquestions.org/questi...phical-934846/
All of that is fine, but it's also too fine-grained for most needs, I expect - especially mine.
Here's a decent tutorial about using a GUI - * Linux Sysadmin: How To Manage LVMs With a GUI - http://www.howtogeek.com/howto/36568...-it-in-ubuntu/
There are two graphic management tools in the KB packages:
a. "kvpm" - the KDE graphic manager for LVM. It has a handbook which appears on my initial scan to be well developed.
b. "system-config-lvm" - from RedHat, it's been adapted to run in Ubuntu
I can't strongly recommend one over the other, as I've only just launched them both, but my initial impressions lead me to favor kvpm. It's GUI is well laid out, and plenty of useful options and an excellent R-click menu. For now, I'm going with kvpm.
2. Answer to my main question: Having selected the "Guided - use entire disk and setup encrypted LVM" option at disk setup, what did I actually get? Inasmuch as my single logical volume /dev/sda5, on the "storage devices" tab, has a usage designation of "crypto-LUKS", I'd bet that everything except /boot is encrypted, which is exactly what I wanted.
NOT selecting the encryption option for /home makes plenty of sense, now. It's already encrypted. I don't know if selected that option would have resulted in a double encryption, but I see no reason to gamble on it.
So, all's well. Am closing this thread.
Comment