Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
LUKS wihtout LVM?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
x220tux
n00b
n00b


Joined: 09 Apr 2015
Posts: 19

PostPosted: Sat Sep 12, 2015 8:48 am    Post subject: LUKS wihtout LVM? Reply with quote

For example, I have /dev/sda3 free partition, on which I will Install Gentoo with full encryption.

After
Code:
 cryptsetup luksOpen /dev/sda3 cryptroot
, I get a decrypted mapper device
Code:
/dev/mapper/cryptroot


Many posts online writing, using LVM on top /dev/mapper/cryptroot.

1. Could I treat /dev/mapper/cryptroot as a normal disk/partition? For example,
Code:
parted -a /dev/mapper/cryptroot
to mkpart or rm /, /home etc. partitions directly.
2. Compared to LVM over LUKS, installing Gentoo directly on LUKS will cause any inconvenience?
3. Why most need LVM over LUKS?
Back to top
View user's profile Send private message
EmaRsk
Apprentice
Apprentice


Joined: 07 Sep 2004
Posts: 158
Location: Italy

PostPosted: Sat Sep 12, 2015 9:20 am    Post subject: Reply with quote

1. You treat it like a partition, that is, for example:
Code:
mkfs.ext4 /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt/cryptroot

but block alignment should be done on /dev/sda3, I guess.

2. No experience here.

3. With LVM over LUKS you need only one key/password to unlock all the partitions; and you can rearrange, resize etc. the partitions without the hassle of re-encrypt everything again.
_________________
Please, avoid some common spelling errors:
http://theoatmeal.com/comics/misspelling


Last edited by EmaRsk on Sat Sep 12, 2015 9:26 am; edited 1 time in total
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1746

PostPosted: Sat Sep 12, 2015 9:22 am    Post subject: Reply with quote

1) Yes, partition
2) Yes
3) #2

Well, actually #2 depends on your particular setup. If you're going to simply dump everything on a single partition (which is totaly fine with some setups), there is no point in going for LVM.
However, if you want to have several volumes, LVM will make it more convenient and easier to use, and this is why many people go after it. I doubt it's "most" though, more likely not using LVM and not using LUKS doesn't require any advice so nobody asks about configuring system not to use it.

Basicaly, if you want features provided by those layers, add them to your stack. If you don't need, why bother configuring it?
Back to top
View user's profile Send private message
x220tux
n00b
n00b


Joined: 09 Apr 2015
Posts: 19

PostPosted: Sat Sep 12, 2015 9:50 am    Post subject: Reply with quote

EmaRsk wrote:
1. You treat it like a partition, that is, for example:
Code:
mkfs.ext4 /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt/cryptroot

but block alignment should be done on /dev/sda3, I guess.

2. No experience here.

3. With LVM over LUKS you need only one key/password to unlock all the partitions; and you can rearrange, resize etc. the partitions without the hassle of re-encrypt everything again.


EmaRsk. From you mentioned, /dev/mapper/cryptroot can only be treated as a single partition instead of a disk. So a decrypted LUKS device name acts like a 'normal' partition. NOT a disk.

I cannot create multiple partitions over /dev/mapper/cryptroot directly.

Is that right?
Back to top
View user's profile Send private message
x220tux
n00b
n00b


Joined: 09 Apr 2015
Posts: 19

PostPosted: Sat Sep 12, 2015 10:04 am    Post subject: Reply with quote

szatox wrote:
1) Yes, partition
2) Yes
3) #2

Well, actually #2 depends on your particular setup. If you're going to simply dump everything on a single partition (which is totaly fine with some setups), there is no point in going for LVM.
However, if you want to have several volumes, LVM will make it more convenient and easier to use, and this is why many people go after it. I doubt it's "most" though, more likely not using LVM and not using LUKS doesn't require any advice so nobody asks about configuring system not to use it.

Basicaly, if you want features provided by those layers, add them to your stack. If you don't need, why bother configuring it?


szatox, I think I get your idea. For example, two scenarios needs LVM:

1. If I want to use only part of /dev/mapper/cryptroot storage for Gentoo, while leaving the remaining space for other usage like NTFS volumes or even another Arch Linux.
2. If I want to separate /home, /usr, /tmp mount points.

To summarize:
Quote:
a decrypted LUKS device like /dev/mapper/cryptroot is just treated as a partition instead of a disk /dev/sda
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2970
Location: Germany

PostPosted: Sat Sep 12, 2015 12:18 pm    Post subject: Reply with quote

x220tux wrote:
I cannot create multiple partitions over /dev/mapper/cryptroot directly.


You could, and it's also what happens when you use such a device as raw disk for a virtual machine.

But to actually access those partitions, you have to map them somehow, using partx/kpartx/losetup--partscan/or whatever.

And at that point you may have a regular partition table but it's still all using the device mapper so you can just as well go with LVM and have all the convenience that LVM has to offer.
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

PostPosted: Sat Sep 12, 2015 2:39 pm    Post subject: Reply with quote

you do not need to use lvm with luks but i recommend it for some other reasons.

in which data partition / container / wahtever you use luks is up to you.

so in your case yuo can just create your luks stuff in /dev/sda3, thats it.
Back to top
View user's profile Send private message
zaidgs
n00b
n00b


Joined: 08 Sep 2015
Posts: 16

PostPosted: Sat Sep 12, 2015 9:57 pm    Post subject: Re: LUKS wihtout LVM? Reply with quote

x220tux wrote:
1. Could I treat /dev/mapper/cryptroot as a normal disk/partition? For example,
Code:
parted -a /dev/mapper/cryptroot
to mkpart or rm /, /home etc. partitions directly.


It will work if you treat it as a partition as previously mentioned. I tried using it as a disk, and here is what happened:

I did the following:
Code:
cryptsetup luksFormat /dev/sdb
cryptsetup luksOpen /dev/sdb enc_sdb
fdisk /dev/mapper/enc_sdb #Then I created two partitions
reboot #fdisk asked me to reboot
cryptsetup luksOpen /dev/sdb enc_sdb
fdisk -l /dev/mapper/enc_sdb #It shows the two partitions as ("/dev/mapper/enc_sdb1", "/dev/mapper/enc_sdb2")
ls /dev/mapper #It shows enc_sdb BUT NOT enc_sdb1 or enc_sdb2
mkfs.ext4 /dev/mapper/enc_sdb1 #It fails saying that it cannot find "/dev/mapper/enc_sdb1"


Now, if someone knows how to let enc_sdb1 and enc_sdb2 show outside of fdisk, then this would work. Right now, it does not work.
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1746

PostPosted: Sun Sep 13, 2015 7:28 am    Post subject: Reply with quote

Quote:

Now, if someone knows how to let enc_sdb1 and enc_sdb2 show outside of fdisk, then this would work. Right now, it does not work.
You'd have to loop it over something to tell your system it's a drive and not a partition.
Creating deices automatically won't work with your setup.
You can use it as a drive for a VM though (and inside a VM it will be visible as a drive + partitions). Using iSCSI is another option (configure container as a target and it will appear as another hard drive anywhere you connect to it, even locally). Perhaps there also are other ways. But if you really want to partition LUKS container you better either go with LVM or partition drive and then create separate LUKS containers.

I suppose you don't have any data there yet, so you can just start over.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum