[linux-lvm] lvm protected against crypt/luks

John Stoffel john at stoffel.org
Mon Mar 7 20:03:10 UTC 2016

lejeczek> would you know if kernel/lvm protects PVs (or any other 
lejeczek> parts for that matter) from being encrypted?

Not beyond the usual unix permissions.  I.e. user's can't generally
write to raw volumes/PVs/LVs.  But root can do whatever it wants.
Sometimes it tries to stop you from over-writing mounted filesystems,
but that can be gotten around without much hassle.

lejeczek> Do I need to wipe block devices clean off any LVM traces in 
lejeczek> order to encrypt them?

No... but it's probably a good idea to do so initially, which is
really to just zero it out. But LV information is stored within the
VG, which is stored within the PVs which make it up.

So when you do a pvremove, it will wipe the device which holds the VG

lejeczek> BTW, LVs cannot be luks encrypted, can they?

Of course they can.  Then you just loop mount the encrypted LUKS
device (physical disk or LV, or even a file) and then put a filesystem
on the new device.  Then you mount that filesystem and away you go.

I would look up on google for beginner tutorials on using LUKs.


More information about the linux-lvm mailing list