On 13.03.2012 12:55, Valmor de Almeida wrote:
> On 03/11/2012 02:29 PM, Florian Philipp wrote:
>> On 11.03.2012 16:38, Valmor de Almeida wrote:
>>>
>>> Hello,
>>>
>>> I have not looked at encryption before and find myself in a situation
>>> that I have to encrypt my hard drive. I keep /, /boot, and swap outside
>>> LVM, everything else is under LVM. I think all I need to do is to
>>> encrypt /home which is under LVM. I use reiserfs.
>>>
>>> I would appreciate suggestions and pointers on what is practical and
>>> simple in order to accomplish this task with a minimum of downtime.
>>>
>>> Thanks,
>>>
>>> --
>>> Valmor
>>>
>>
>>
>> Is it acceptable for you to have a commandline prompt for the password
>> when booting? In that case you can use LUKS with the /etc/init.d/dmcrypt
>
> I think so.
>
>> init script. /etc/conf.d/dmcrypt should contain some examples. As you
>> want to encrypt an LVM volume, the lvm init script needs to be started
>> before this. As I see it, there is no strict dependency between those
>> two scripts. You can add this by adding this line to /etc/rc.conf:
>> rc_dmcrypt_after="lvm"
>>
>> For creating a LUKS-encrypted volume, look at
>> http://en.gentoo-wiki.com/wiki/DM-Crypt
>
> Currently looking at this.
>
>>
>> You won't need most of what is written there; just section 9,
>> "Administering LUKS" and the kernel config in section 2, "Assumptions".
>>
>> Concerning downtime, I'm not aware of any solution that avoids copying
>> the data over to the new volume. If downtime is absolutely critical, ask
>> and we can work something out that minimizes the time.
>>
>> Regards,
>> Florian Philipp
>>
>
> Since I am planning to encrypt only home/ under LVM control, what kind
> of overhead should I expect?
>
> Thanks,
>

What do you mean by overhead? CPU utilization? In that case the overhead
is minimal, especially when you run a 64-bit kernel with the optimized
AES kernel module.

Measured on a Core i5:
time cat Video/*.* >/dev/null
real    0m42.918s
user    0m0.023s
sys     0m2.027s

That was a sequential read of roughly 3.5GB with empty caches. This
corresponds to the normal disk speed.

Regards,
Florian Philipp
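
Added example, not part of the thread and not Gentoo's own code: a shell check for the setup described in the quoted reply, confirming that dmcrypt is ordered after lvm and that /home is mounted from a mapping the dmcrypt configuration defines. The sample files are constructed; the names vg0/home and crypt-home are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): check that rc.conf, conf.d/dmcrypt and
# fstab agree. File names are arguments, so copies of the files can be checked.
# Prints one line per problem; the return status is the number of problems.
check_dmcrypt_setup() {
    rc_conf=$1 dm_conf=$2 fstab=$3 mnt=$4
    problems=0

    # dmcrypt must start after lvm, or the logical volume does not exist yet.
    if ! grep -Eq '^[[:space:]]*rc_dmcrypt_after=.*lvm' "$rc_conf"; then
        echo "rc.conf: rc_dmcrypt_after does not name lvm"
        problems=$((problems + 1))
    fi

    # The mount point must come from /dev/mapper/<name> ...
    dev=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1; exit }' "$fstab")
    case $dev in
        /dev/mapper/?*) name=${dev#/dev/mapper/} ;;
        *)  echo "fstab: $mnt comes from '$dev', not /dev/mapper/<target>"
            return $((problems + 1)) ;;
    esac

    # ... and <name> must be a dmcrypt target with a source, because plain
    # LVM volumes also appear under /dev/mapper.
    src=$(tr -d "\"'" < "$dm_conf" | awk -v t="$name" '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^target=/ { hit = ($0 == ("target=" t)); next }
        hit && /^source=/ { print substr($0, 8); exit }')
    if [ -z "$src" ]; then
        echo "conf.d/dmcrypt: no target=$name followed by source="
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files; vg0/home and crypt-home are assumed names.
demo=$(mktemp -d)
echo 'rc_dmcrypt_after="lvm"' > "$demo/rc.conf"
printf "target=crypt-home\nsource='/dev/vg0/home'\n" > "$demo/dmcrypt"
echo '/dev/mapper/crypt-home /home reiserfs noatime 0 2' > "$demo/fstab"
check_dmcrypt_setup "$demo/rc.conf" "$demo/dmcrypt" "$demo/fstab" /home \
    && echo "setup is consistent"
rm -rf "$demo"
```

On a real system the arguments would be /etc/rc.conf, /etc/conf.d/dmcrypt, /etc/fstab and /home.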