After my follow-up to the Tuesday post I've received some additional comments, and I'm writing this entry to close the subject... ;)
One of the comments was from Gunnar, to tell me that the setup in the follow-up is the same one provided by the automatic partitioner of the Debian Installer since 2007.
I was unaware of that because until some weeks ago I had never tried to install a system with encryption support, and when I did it on my laptop I used the manual setup because I wanted to keep the Mac OS X partitions.
My follow-up blog entry made sense anyway, as I just wanted to share my thoughts about the advantages and disadvantages of each partitioning scheme.
I also received a couple of messages proposing the use of three layers to keep the flexibility of the original setup and the simplicity of the second; the setup is as follows:
- Layer 1: use LVM on a physical volume,
- Layer 2: create a logical volume and format it as an encrypted volume,
- Layer 3: use LVM on top of the encrypted logical volume and put there the file systems that you want encrypted.
With LVM at the lower level you get the advantages of my setup (you can mix encrypted and unencrypted partitions, the encrypted volume can use multiple physical volumes, etc.) and the advantages of the second setup (only one key for all the encrypted file systems).
I believe that this setup is a little too much for a laptop, but can be a good option if you need encrypted file systems on a server.
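The three-layer layout described above, written out as a command sequence in an added example that is not from the original post or from the people who proposed the setup. The device path, the volume group and logical volume names, and all sizes are assumptions; by default the script only prints the commands (`DRY_RUN=1`).

```shell
#!/bin/sh
# Added example: LVM -> LUKS -> LVM stack from the three-layer list.
# Device, VG/LV names and sizes are assumptions; adjust before use.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

build_stack() {
    bs_dev="${1:-}"        # partition used as the outer physical volume
    bs_outer="vg_outer"    # layer 1 volume group (hypothetical name)
    bs_inner="vg_inner"    # layer 3 volume group (hypothetical name)
    bs_map="crypt_inner"   # device-mapper name of the opened LUKS volume

    [ -n "$bs_dev" ] || { echo "usage: build_stack DEVICE" >&2; return 2; }

    # Layer 1: plain LVM on the physical volume.
    run pvcreate "$bs_dev"
    run vgcreate "$bs_outer" "$bs_dev"
    # Unencrypted file systems live directly in the outer volume group.
    run lvcreate -L 10G -n lv_plain "$bs_outer"
    run mkfs.ext4 "/dev/$bs_outer/lv_plain"

    # Layer 2: one logical volume formatted as a LUKS container (one key).
    run lvcreate -L 40G -n lv_crypt "$bs_outer"
    run cryptsetup luksFormat "/dev/$bs_outer/lv_crypt"
    run cryptsetup open "/dev/$bs_outer/lv_crypt" "$bs_map"

    # Layer 3: LVM again, on top of the opened container.
    run pvcreate "/dev/mapper/$bs_map"
    run vgcreate "$bs_inner" "/dev/mapper/$bs_map"
    for bs_lv in home:20G var:10G; do
        run lvcreate -L "${bs_lv#*:}" -n "${bs_lv%%:*}" "$bs_inner"
        run mkfs.ext4 "/dev/$bs_inner/${bs_lv%%:*}"
    done
    run lvcreate -L 4G -n swap "$bs_inner"
    run mkswap "/dev/$bs_inner/swap"
}

# Print (or run) the plan when called with a device argument.
if [ -n "${1:-}" ]; then build_stack "$1"; fi
```

Every file system in `vg_inner` is unlocked by the single passphrase set at the `luksFormat` step, while `lv_plain` stays readable without it.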