On martedì 8 maggio 2018 09:50:23 CEST, Rolf Wald wrote:
You need to build three partitions, e.g. named boot, swap, root.
You don't need to use an unencrypted boot if you use grub:
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29
A few hints for btrfs + LUKS + swap:
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Btrfs_subvolumes_with_swap
Another solution is to use SED, as someone mentioned:
https://wiki.archlinux.org/index.php/Self-Encrypting_Drives
The only downside is that you can rest assured there will be NSA backdoors
in hardware crypto.
Even better I suggest you to move to ZFS and use Native Encryption:
https://github.com/zfsonlinux/zfs/pull/5769
I recently got tired of btrfs never implementing things like snapshot-aware
defrag (with no signs on the horizon that this is going to change soon) so
I decided to switch my servers to ZFS. I'll let you know how crypto works
if you're interested. I'll keep using btrfs on the clients though, at least
for now.
Niccolò
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html