| 1 |
On Sun, 12 Jul 2015 15:21:41 -0400, Rich Freeman wrote: |
| 2 |
|
| 3 |
> While some kind of native support would be nice, and likely more |
| 4 |
> efficient in some ways, you could just layer btrfs on top of an |
| 5 |
> encrypted loopback device. |
| 6 |
|
| 7 |
The problem with that approach, if you use RAID, is that all writes must |
| 8 |
be encrypted multiple times, once for each disk, unless you use MD RAID |
| 9 |
between the disk and the encryption layer. |
| 10 |
|
| 11 |
> The problem is you'll need various scripts |
| 12 |
> in your initramfs (or root partition if you don't bother to encrypt |
| 13 |
> it) to actually set that up. |
| 14 |
|
| 15 |
With a single device, Dracut handles all this automatically. I have such |
| 16 |
a setup on my laptop and used to use custom scripts to call cryptsetup at |
| 17 |
boot time, until I got fed up with you and Canek banging on about Dracut |
| 18 |
and decided to give it another go. With the right boot options, it just |
| 19 |
works. |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
Neil Bothwick |
| 24 |
|
| 25 |
Any sufficiently advanced bug is indistinguishable from a feature. |
Archives