Fedora Linux Support Community & Resources Center

  #1  
Old 10th November 2008, 05:43 PM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 349
LUKS encryption and power outages

I have a question for the LUKS gurus. I live in an area with common power outages, but have never shelled out the money for an APC unit; that stated, I have never lost data from an ext3 partition due to a power failure (fingers crossed).

Recently I decided to secure my external USB drive using LUKS aes-xts-plain with 512 key. I have been considering reformatting my ext3 /home to an LVM partition and splitting it into (/home, /tmp, /var/tmp, swap). My research into this has solved the issues regarding fstab processing order and LUKS password entry, but I am concerned about the power outages.

From what I gather, LVM volumes are in themselves quite susceptible to bit-swap corruption during power loss (correct?), and I have seen mention that the same could be true for LUKS.

I have not found any comprehensive material on this issue, and would like input from someone more familiar with this topic.

Basically, is this going to be a bad idea? I would hate to be syncing data between the PC and the external during a power outage, and vaporize my file systems.
Reply With Quote
  #2  
Old 10th November 2008, 06:16 PM
brunson Offline
Registered User
 
Join Date: Jun 2005
Location: Westminster, Colorado
Posts: 2,304
I've never had a problem with LVM and corruption during power loss. My 2-year-old son thinks it's incredibly funny to see daddy's face turn red when he pushes the reset button on my Fedora box at home, so it happens pretty regularly. But it's not really LVM that would have the problem, it's the filesystem on top of it. Ext3 uses journaling, which should make it less susceptible to problems during a power failure.
__________________
Registered Linux User #4837
411th in line to get sued by Micro$oft
Quote:
Basically, to learn Unix you learn to understand and apply a small set of key ideas and achieve expertise by expanding both the set of ideas and your ability to apply them - Paul Murphy
Reply With Quote
  #3  
Old 10th November 2008, 07:50 PM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 349
None of the power outages have ever caused any data loss on my ext3 partitions, but I have stumbled across some things while Googling this matter, mainly in Ubuntu forums, that indicate that while ext3 is safe by virtue of its journal, LVM partitions themselves may become corrupted due to power loss. Also, there seem to be some others speculating about LUKS and power outages in general; that's why I am curious. Since there is no LUKS-specific journal, in the event of power loss, would this not corrupt the LUKS partition itself, rendering it inaccessible?
Reply With Quote
  #4  
Old 10th November 2008, 08:18 PM
bee Offline
Banned
 
Join Date: Jun 2008
Posts: 1,315
Quote:
Originally Posted by LinuxTom
None of the power outages have ever caused any data loss on my ext3 partitions, but I have stumbled across some things while Googling this matter, mainly in Ubuntu forums, that indicate that while ext3 is safe by virtue of its journal, LVM partitions themselves may become corrupted due to power loss. Also, there seem to be some others speculating about LUKS and power outages in general; that's why I am curious. Since there is no LUKS-specific journal, in the event of power loss, would this not corrupt the LUKS partition itself, rendering it inaccessible?
I know nothing about LVM.
Anyway, LUKS is just software that will write on your disk "aa8£g" in place of "Hello", so there are no differences between running a computer with LUKS or not. (Well, except that all your data will go through your CPU before landing on your disk, so it's a bit slower...)
Of course, if a power failure (not really a power loss, usually it's because of a power overload, or however you call "the opposite of a brownout") destroys just the header of your disk, you'll be unable to access and recover any file.

bye!!!!
Reply With Quote
  #5  
Old 11th November 2008, 01:24 PM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 349
That's actually what I'm getting at; I guess I should have said header. I have seen mention of data corruption of both LVM & LUKS headers, from both power and kernel issues. Just kind of concerned about encapsulating LUKS partitions in LVM; seems like I might be setting up for a double whammy. I guess I could back up the LUKS metadata, but from what I gather that's going to defeat the point of securing the drive in the first place. I guess I'll give it a shot though, as the odds of power failure occurring while the external is mounted, and trashing both, are minimal.
Reply With Quote
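As an added illustration (not code from any poster in this thread) of what losing "only the header" means for LUKS, here is a Python check of the structure of a LUKS1 header image, for example a file written by `cryptsetup luksHeaderBackup`. The field layout follows the LUKS1 on-disk format; the names `check_luks1_header` and `sample_header` and every sample value are constructed for this example.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset, key bytes, MK digest, MK salt, MK iterations, UUID (208 bytes),
# followed by 8 key-slot records of 48 bytes each (592 bytes in total).
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, key offset, stripes

def check_luks1_header(blob):
    """Return a list of structural problems found in a LUKS1 header image."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        return ["image shorter than the 592-byte LUKS1 header"]
    (magic, version, cipher, mode, hash_spec, payload_off,
     key_bytes, _digest, _salt, _mk_iter, _uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC:
        return ["bad magic: not a LUKS header, or header overwritten"]
    if version != 1:
        return [f"version {version} is not LUKS1; checker does not apply"]
    problems = []
    for label, raw in (("cipher", cipher), ("mode", mode), ("hash", hash_spec)):
        text = raw.split(b"\0", 1)[0]
        if not text or not text.isascii() or not text.decode().isprintable():
            problems.append(f"{label} field is not a printable string")
    active = 0
    for i in range(8):
        state, iters, _s, km_off, stripes = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)
        if state == SLOT_DISABLED:
            continue
        if state != SLOT_ENABLED:
            problems.append(f"slot {i}: unknown state 0x{state:08x}")
            continue
        active += 1
        km_sectors = -(-key_bytes * stripes // 512)  # ceiling division, 512-byte sectors
        if iters == 0 or km_off + km_sectors > payload_off:
            problems.append(f"slot {i}: key material does not fit before payload")
    if active == 0:
        problems.append("no enabled key slot: no passphrase can unlock the volume")
    return problems

def sample_header():
    """Constructed header: aes-xts-plain, 512-bit key, only slot 0 enabled."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain", b"sha1", 4040, 64,
                    b"\x11" * 20, b"\x22" * 32, 10000, b"constructed-uuid")
    for i in range(8):
        state = SLOT_ENABLED if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 50000, b"\x33" * 32, 8 + i * 504, 4000)
    return hdr
```

An empty result only means the header is structurally sane; damage to a salt or to the key material that follows the header is found only by actually unlocking with the passphrase.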
  #6  
Old 11th November 2008, 02:31 PM
sej7278 Offline
Registered User
 
Join Date: Sep 2004
Posts: 2,008
yes, LUKS on LVM does seem to be doubling your chances of loss.

the problem with LUKS is that it encrypts a container or partition, not just individual files, so get some bit-rot or power loss and you don't lose a file, you lose everything. same with LVM - ext3 journaling won't help you as the ext3 partition will be unreadable anyway if the LVM that it's inside gets corrupted.

i'd say LUKS on ext3 is your best bet, but the way fedora have implemented it seems to require it to be on an LVM - otherwise you get one passphrase prompt per partition at boot!
Reply With Quote
  #7  
Old 11th November 2008, 02:46 PM
bee Offline
Banned
 
Join Date: Jun 2008
Posts: 1,315
Quote:
Originally Posted by sej7278
otherwise you get one passphrase prompt per partition at boot!
it's possible to avoid it...... for some reason it doesn't work for me if i edit the crypttab, but it works my way: http://forums.fedoraforum.org/showpo...61&postcount=4

bye!!
Reply With Quote
  #8  
Old 11th November 2008, 11:01 PM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 349
I am becoming more and more baffled as to how to accomplish what I wish to do. It seems there really is not an alternative that meets both my needs, plus allows me to feel safe that data may not become corrupted if my power drops. I simply do not wish to enter 4 passwords at bootup, but I want /home, /tmp, /var/tmp, swap encrypted. Anyone know of a way to make this work without LVM? Could I perhaps symlink /tmp & /var/tmp at boot, to the LUKS partition?
Reply With Quote
  #9  
Old 12th November 2008, 11:25 AM
sej7278 Offline
Registered User
 
Join Date: Sep 2004
Posts: 2,008
Quote:
Originally Posted by LinuxTom
I am becoming more and more baffled as to how to accomplish what I wish to do. It seems there really is not an alternative that meets both my needs, plus allows me to feel safe that data may not become corrupted if my power drops. I simply do not wish to enter 4 passwords at bootup, but I want /home, /tmp, /var/tmp, swap encrypted. Anyone know of a way to make this work without LVM? Could I perhaps symlink /tmp & /var/tmp at boot, to the LUKS partition?
i'd like to know too, i think it's the holy grail.

i'm thinking of just making a /encrypted partition and putting my sensitive stuff in there, as i don't really want my /home to get screwed and don't want to use lvm to avoid passwords, although not encrypting swap is not great
Reply With Quote
  #10  
Old 12th November 2008, 12:41 PM
bee Offline
Banned
 
Join Date: Jun 2008
Posts: 1,315
Quote:
I simply do not wish to enter 4 passwords at bootup, but I want /home, /tmp, /var/tmp, swap encrypted
It's possible with ext3 filesystems.
Read my post #7 and its link again.
You can enter your password once.... and automagically decrypt all partitions (root, /home, swap, /tmp, /sexybees, etc... ). Why are you saying that it isn't possible!?!?!? i did it, so it's possible

bye!
Reply With Quote
  #11  
Old 15th November 2008, 05:49 PM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 349
Well, I just decided on the easy method and created an encrypted LVM physical volume with logical /tmp, /var/tmp, swap, /home. I've got my backups ready, so I'll give it a shot and see how it all holds up.
Reply With Quote