Re: debian with raid1+cryptsetup+lvm on notebook?
Douglas A. Tutty, Tue Apr 21 2009 16:06:03 GMT+0200 (CEST): On Tue, Apr 21, 2009 at 12:39:38PM +0200, Peter Jordan wrote: Hello, since my ThinkPad T400 has two 250GB HD, i considered to install debian testing with raid1+cryptsetup+lvm on it. Has anyone experience with that kind of setup? Any significant reasons against my plan? Sounds like a good idea. I think that the installer has that out-of-the-box as one of the guided-partitioning options. If not, you can certainly do it manually. This came up not that long ago. It was suggested that having / encrypted can prevent someone trojaning executables on / (e.g. /bin/ls). However, since you need an unencrypted /boot, then someone could trojan the kernel or the initrd itself (perhaps to email the attacker the password you enter to decrypt the filesystem), who knows? I suppose that you could have /boot on a USB stick so that without the stick, the laptop won't boot and there won't be any unencrypted data on the laptop. There's good LUKS documentation: read it. I'm sure that this has been (and is being) looked at by people with a particular interest in laptop security. Just don't assume that raid1+crypsetup+lvm will make your laptop absoulutly secure. Doug. job is done, Everything works fine. No problems during live migration. PJ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
debian with raid1+cryptsetup+lvm on notebook?
Hello, since my ThinkPad T400 has two 250GB HD, i considered to install debian testing with raid1+cryptsetup+lvm on it. Has anyone experience with that kind of setup? Any significant reasons against my plan? thanks PJ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: debian with raid1+cryptsetup+lvm on notebook?
On Tue, Apr 21, 2009 at 12:39:38PM +0200, Peter Jordan wrote: Hello, since my ThinkPad T400 has two 250GB HD, i considered to install debian testing with raid1+cryptsetup+lvm on it. Has anyone experience with that kind of setup? Any significant reasons against my plan? Sounds like a good idea. I think that the installer has that out-of-the-box as one of the guided-partitioning options. If not, you can certainly do it manually. This came up not that long ago. It was suggested that having / encrypted can prevent someone trojaning executables on / (e.g. /bin/ls). However, since you need an unencrypted /boot, then someone could trojan the kernel or the initrd itself (perhaps to email the attacker the password you enter to decrypt the filesystem), who knows? I suppose that you could have /boot on a USB stick so that without the stick, the laptop won't boot and there won't be any unencrypted data on the laptop. There's good LUKS documentation: read it. I'm sure that this has been (and is being) looked at by people with a particular interest in laptop security. Just don't assume that raid1+crypsetup+lvm will make your laptop absoulutly secure. Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
