I’m setting up FDE and wondering which one is better: “LVM over LUKS” or “LUKS over LVM”? Or something else? Is one definitely better than the other? What is your preference?

Thanks.

  • Max-P
    310 months ago

    If you’re not careful /etc can also contain passwords and other sensitive files. My WiFi password is there for example because it needs to be in the wpa_supplicant config file. On servers that’s TLS certificates and keys.

    In my experience block level is faster and less of a hassle, and it can support hibernation properly. It's also much easier if you want just one big partition so you don't waste space on separate root, home and var.

    • Thanks for the correction. I would also like to add that /root is probably also something that should be encrypted; you won’t have to shred your root account’s bash_history after accidentally typing your password into the root shell.

      I didn’t clarify this in the original comment but imo unless your distro specifically offers the option to partition a drive the way I described it, it’s not worth it. (as far as I know, no distro offers this kind of encryption)