[linux-lvm] LVM and Truecrypt
sven at whgl.uni-frankfurt.de
Thu May 7 05:21:33 UTC 2009
As someone explained already, LVM writes metadata on each Physical
Volume (read: disk or disk partition or any other block device), if you
fancy it, you can even save two copies (just in case one copy gets
corrupted due to some failure, bad sector or whatever).
The Metadata gives you the opportunity to change diskorder, move disks
to different controllers (as in move some of the disks from one
controller, to another controller in the machine), or any other machine,
as long as you got the whole set at hands.
(Now that I am thinking about it, you could even place all n disks into
n different machines and create an LVM from them, though this might be a
little more tricky, than the other scenarios)
As an alternative, you could use md devices (offering different software
based raid levels), md does indeed provide the same features (in
example, you have a raid 5 volume with n drives, you can choose any n-1
drives of those, stick em into another machine, and use the raid, add
another disk, integrate it into the array and rebuild it).
So, for both cases, md based raid and lvm, there's metadata, no worries
Most HW Raidcontrollers (Tekram, Adaptec, 3ware ...) usually save
metadata information on disks too, the major problem is getting a new
(expensive) card from the same vendor.
Concerning encryption, I was asking, because if you use linux as OS on
your NAS and linux solely, you could use dmcrypt (which is used by
truecrypt on linux too, if available) which gives you more options on
encryption etc. (Choose any cipher from the kernel crypto api, luks key
managment ...). This is usually integrated far better into
distributions, than truecrypt.
In case you want to avoid the luks header (since it indicates some info
on the crypted volume, offers multiple key slots etc.) you can still
revert to non-luks mode with dm-crypt and still enjoy all the ciphers
from the kernel (and modes of operation).
Concerning truecrypt: Truecrypt always uses XTS afaik, you certainly
would not want to encrypt a 10 TB volume with that.
And for your last question, no I live in Germany actaully (hence the .de
Gordon Fogus schrieb:
> Hello Sven (and all),
> I have been concerned that a failure on one of the disk controllers
> would result in data loss in the following way:
> 1. A mainboard fails that has a JOBD RAID connected
> 2. The mainboard is replaced and the drives from the original set are
> 3. Because of hardware changes and/or operating system changes and/or
> "disk order" changes, no data can be read from the RAID.
> I'd be curious to know this: if I had a JOBD under LVM and I tried to
> plug the disks into another PC entirely, would I be able to read the
> files I had on those drives? How does LVM know which drive was where in
> the order of drives in the JOBD?
> I am not actually worried about data loss from a drive failure. I
> backup regularly (but I have never had a hard drive fail. I attribute
> this partly to the temperature at which I keep my drives). I have had
> several RAID controller failures (which is why I no longer consider any
> RAID level to be a backup).
> By asking, "Is there any partuclar reason for using truecrypt?" do you
> mean, "Why truecrypt as opposed to any other encryption solution?"? If
> so, I use truecrypt because it is opensource and has received a lot of
> attention from experienced cryptographers. I wouldn't trust closed
> source or obscure encryption software. On the other hand, if you were
> asking, "Why use encryption?", then you might be interested in Sans news
> bites: http://www.sans.org/newsletters/newsbites/ . Sans covers many
> data leaks.
> (Do you live in Scandinavia?)
> On Wed, May 6, 2009 at 5:08 PM, Sven Eschenberg
> <sven at whgl.uni-frankfurt.de <mailto:sven at whgl.uni-frankfurt.de>> wrote:
> Hi Gordon,
> Is there any particular Reason, why a mainboard failure should
> result in massive data loss?
> But you can be assured, that a disk failure in such a volume will
> most certainly result in massive dataloss, since the filesystem
> spans across all disks.
> Is there any partuclar reason for using truecrypt?
More information about the linux-lvm