On Tue, Oct 02, 2007 at 04:47:08PM +0100, Darren J Moffat wrote:
> Nicolas Williams wrote:
> >Since compression is a one-time task for a read-only lofi file, then so
> >should encryption be a one-time task to be done along with (after)
> >compression:
>
> but that isn't how lofi encryption is designed to work, and making it
> work like that completely defeats the whole purpose of why we are doing
> encryption in lofi. It also creates a window where the data is stored
> on disk in the clear - which is exactly what we don't want.

Yes, it doesn't seem worthwhile to support one-time compression +
encryption in lofi. The crucial thing though is that compressed lofi
images are read-only.

> It would
> also mean we couldn't use lofi with encryption to swap on (which we need
> until we get a proper encrypting VM system).

Well, you couldn't compress swap using this case because the compression
step is a one-time step and lofiadm -a of compressed images results in
read-only devices!

Nico
--
