this post was submitted on 29 Feb 2024
23 points (92.6% liked)

Linux

48224 readers
102 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I'm setting up FDE and wonders which one is better. "LVM over LUKS" or "LUKS over LVM"? Or something else? Does one is definitely better then the other? What are your preference?

Thanks.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

That works too, if you have a use case go for it. There's so many valid ways to arrange your disks.

LUKS over LVM over 2 disks is as valid as LVM over 2x LUKS which is as valid as LVM over LUKS over RAID1. Although with multiple disks I'd probably go with filesystem mirroring with btrfs or ZFS, and give it the two LUKS volumes. That way you get per file chunk checksums and self healing if your drives start to drift off (RAID won't tell you if either disk returns garbage, and has no way of telling which disk has the correct data).

But really, I wouldn't worry about LVM metadata unless you're holding some seriously sensitive and valuable data. I can't think of a use case where LVM metadata would be bad but not LUKS headers. Like the only information really leaking is the name of the volume and how big it is, so unless you happen to have a dedicated volume full of secret documents of a known size and that can be used as evidence of you being in possession based on the size alone, it's kinda eh.

[–] [email protected] 1 points 8 months ago

So you mean BTRFS over LUKS? I will have a try on a VM later, plus the ZFS too. Thanks for the advice.