On Monday, 13 August 2018 17:13:06 UTC-4, Chris Laprise wrote:
> On 08/13/2018 04:47 PM,
> > Related question.
> >
> > If I installed Qubes and used LUKS encryption (I have to run cryptsetup
> > openLuks just to see the LVM inside)... then I add physical drives to my
> > Volume Group, and start adding more AppVMs to the pool, that starts writing
> > to the PV...
> > Is the data on the new drive, encrypted?
> > Can anyone forensically pull data from those new AppVMs since it wasn't
> > originally a part of the LUKS encrypted drive?
>
> Based on the sparse description I'd say No, the new space is not
> encrypted. You have to add separate LUKS/dmcrypt block layers to those
> new devices and then treat those dmcrypt block devices as the new pvs.
>
> If you're doing this to qubes_dom0, then it could be a little tricky
> getting all of the encrypted "pvs" to unlock at the same time during the
> boot process. You'd need to investigate how crypttab and grub
> accommodate that multi-volume setup.
>
> --
>
> Chris Laprise
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
I would imagine it would require a longer grub entry with rd.luks attributes
for other UUIDs.
But it seems I have an LVM over LUKS configuration... when what I want is a
LUKS over LVM.
Here's what I have:
[root@dom0]# lsblk | grep -v "\-\-"
NAME MAJ:MIN RM SIZE
RO TYPE MOUNTPOINT
sdb 8:16 0 3.7T
0 disk
└─sdb1 8:17 0 3.7T
0 part
├─qubes_dom0-pool00_tmeta 253:1 0 2.1G
0 lvm
│ └─qubes_dom0-pool00-tpool 253:3 0 1T
0 lvm
│ ├─qubes_dom0-pool00 253:6 0 1T
0 lvm
│ ├─qubes_dom0-root 253:4 0 192.6G
0 lvm /
├─qubes_dom0-pool00_meta0 253:63 0 2.1G
0 lvm
└─qubes_dom0-pool00_tdata 253:2 0 1T
0 lvm
└─qubes_dom0-pool00-tpool 253:3 0 1T
0 lvm
├─qubes_dom0-pool00 253:6 0 1T
0 lvm
├─qubes_dom0-root 253:4 0 192.6G
0 lvm /
sr0 11:0 1 1024M
0 rom
loop0 7:0 0 500M
0 loop
sda 8:0 0 232.9G
0 disk
└─sda1 8:1 0 232.9G
0 part
nvme0n1 259:0 0 232.9G
0 disk
├─nvme0n1p1 259:1 0 1G
0 part /boot
└─nvme0n1p2 259:2 0 231.9G
0 part
└─luks-bfcca13a-213d-46ec-b156-53df348dba30 253:0 0 231.9G
0 crypt
├─qubes_dom0-pool00_tdata 253:2 0 1T
0 lvm
│ └─qubes_dom0-pool00-tpool 253:3 0 1T
0 lvm
│ ├─qubes_dom0-pool00 253:6 0 1T
0 lvm
│ ├─qubes_dom0-root 253:4 0 192.6G
0 lvm /
└─qubes_dom0-swap 253:5 0 23.3G
0 lvm [SWAP]
Even better, I should look into a RAID setup too.
If I choose btrfs for my next install, I can avoid the LVM problems, but can I
expand onto new physical volumes by adding more drives?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a43f228b-819b-449f-916e-658bfba2a128%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
