1 |
On Sun, 12 Jul 2015 15:21:41 -0400, Rich Freeman wrote: |
2 |
|
3 |
> While some kind of native support would be nice, and likely more |
4 |
> efficient in some ways, you could just layer btrfs on top of an |
5 |
> encrypted loopback device. |
6 |
|
7 |
The problem with that approach, if you use RAID, is that all writes must |
8 |
be encrypted multiple times, once for each disk, unless you use MD RAID |
9 |
between the disk and the encryption layer. |
10 |
|
11 |
> The problem is you'll need various scripts |
12 |
> in your initramfs (or root partition if you don't bother to encrypt |
13 |
> it) to actually set that up. |
14 |
|
15 |
With a single device, Dracut handles all this automatically. I have such |
16 |
a setup on my laptop and used to use custom scripts to call cryptsetup at |
17 |
boot time, until I got fed up with you and Canek banging on about Dracut |
18 |
and decided to give it another go. With the right boot options, it just |
19 |
works. |
20 |
|
21 |
|
22 |
-- |
23 |
Neil Bothwick |
24 |
|
25 |
Any sufficiently advanced bug is indistinguishable from a feature. |