Permanently Deleted

  • linux [none/use name]
    ·
    4 years ago

    I'm curious, why did you use veracrypt rather than something like LUKS?

    • gvngndz [none/use name,comrade/them]
      ·
      edit-2
      4 years ago

      Edit: I just realised that I mixed up the words, yeah I used LUKS2, I just mixed up the names.

      I'll edit the original comment.

      • PorkrollPosadist [he/him, they/them]
        ·
        4 years ago

        The things you can do with LVM and device-mapper are jaw dropping, but issuing so many commands that deal directly with disks and partitions and volumes and filesystems makes my ass so tight you couldn't pull a needle out of it. Anyway, I've never tried LUKS, but I did just set up an SSD cache for my 3TB HDD using lvmcache.

        • captcha [any]
          ·
          4 years ago

          LUKS is fairly easy to setup on its own. Everything is done through the cryptsetup tool.

          1. format a device with cryptsetup luksFormat /dev/sdX
          2. open with cryptsetup luksOpen /dev/sdX myContainer
          3. new device is available under /dev/mapper/myContainer

          Linux will treat the opened container as a new disk so you can give it a file system or create a lvm device out of it. You can even have an LVM volume contain a LUKS container which contains another LVM volume group, etc.

          The hard part about LUKS is getting your system to open it on boot. For that refer to the archwiki.

          • PorkrollPosadist [he/him, they/them]
            ·
            4 years ago

            Right, that makes sense. I've managed to avoid building an initramfs by only using LVM for /home and leaving / as a regular btrfs partition, but you certainly do enter the "keys are locked inside the car" situation when you're trying to load the modules for encrypted filesystems from an encrypted filesystem.

            • captcha [any]
              ·
              4 years ago

              Changes to the initramfs are easy and well documented. Just edit /etc/mikincpio.conf and run sudo mkinitcpio -p linux.

              The hard part is telling your bootloader to use the luks module you added to the initramfs. It changes depending on your bootloader.