Slower boot time each encrypted LV must be unlocked seperately.Complex changing volumes requires changing encryption mappers too.Easy mix of un-/encrypted volume groups.LVM can be used to have encrypted volumes span multiple disks.Uses dm-crypt only after the LVM is setup. Less useful, if a singular volume should receive a separate key.LVM adds an additional mapping layer and hook.Easiest method to allow suspension to disk.Only one key required to unlock all volumes (e.g.Simple partitioning with knowledge of LVM.LUKS volume is automatically unlocked (only if the system was not tampered with).Īchieves partitioning flexibility by using LVM inside a single LUKS encrypted partition.TPM2 prevents the system from being unlocked if Secure Boot is disabled or modified.Secure Boot protects against Evil maid attacks.Similar to the example above, with Secure Boot and TPM2 providing additional layers of security. #LUKS on a partition with TPM2 and Secure Boot
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |