Encrypted LVM

[nemanjan00]

Hi, Encrypting only lvm-root is not really a good idea... That way swap stays unencrypted and that is not ideal... Default encrypted setup should be encrypted lvm and root + home + swap on it. Problem with one encrypted LVM partition is that user can not that easy add more encrypted partitions and it can happend that private data or even worst password for encryption/key gets written to swap...

[tkbsephn]

Would either the owner or a collaborator care to comment?

It would be nice if guided partitioning with encryption allowed for the option of specifying the size of discrete /home and swap partitions as is the case, for example, with the Debian installer.

[condor2]

@tkbsephn when they have time, because they have jobs, life and for now...are only 2...

@deadhead420 and @pnedkov

I am collaborator, but I am not good in bash script.

[nemanjan00]

I will take a look in next few days and try to make it work.

[deadhead420]

Good thinking. I should be able to get around this by using a swap file instead of a volume.

[nemanjan00]

Yeah, I know, but what is a point of installer then if I do stuff manually?

[KarangiriGauswami]

Yeah Right

[antonincms]

@deadhead420 another solution is to crypt the whole partition and then to create an lvm on top of it, as it is advised by Arch wiki (and as many distro does) : https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS I just remebered having detailed that there : #587

[qazip]

So anarchy is currently not encrypting swap? In anarchy's webpage, one can read:

"Automatic LUKS-encrypted partitioning on LVM (optional encrypted swap)". That sentence suggests that, if swap is chosen, then it is encrypted as well..