Date: Mon, 19 Jul 2021 21:03:25 +0000
From: caskd <caskd@redxen.eu>
To: Michael Siegel <msi@malbolge.net>
Cc: ~alpine/users@lists.alpinelinux.org
Subject: Re: "LVM on LUKS" wiki page: Questions and suggestions
Message-ID: <20210719210325.5jno55lrja76vrdu@navi>
References: <20210719215114.531515a2@moon>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="k2d4txsymy62fig7"
Content-Disposition: inline
In-Reply-To: <20210719215114.531515a2@moon>


--k2d4txsymy62fig7
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

>First, it seems to me that wiping only the partition that is going to be
>used for the LUKS container =E2=80=93 after and because you have already c=
reated
>partitions =E2=80=93 is not a good idea. Just wiping the whole disk before
>creating partitions is probably what should be done instead.
I agree, that would be better instead if one really needs to clean up previ=
ous data.

>Then, when using dd(1), going with the default block size will take
>ages to complete. Adding `bs=3D1M` is generally much faster, in my
>experience.
This is entirely dependent on the device you have and a few other factors, =
so it makes more sense to keep the default.

>So, I suggest the following:
>
>  * Remove section "Optional: Overwrite LUKS Partition with Random
>    Data" entirely.
It should be replaced with "Overwrite disk with Random Data" before creatin=
g the partition table instead.

>This section is obviously specific to the case of using GRUB with UEFI.
>
>The version for Syslinux with BIOS would have to look like this, if I'm
>not mistaken:
>
>  # cd
>  # umount /mnt/boot
>  # swapoff /dev/vg0/swap
>  # umount /mnt
>  # vgchange -a n
>  # cryptsetup luksClose lvmcrypt
>  # reboot
>
>So, there should be two sub-sections here:
>
>  * "Syslinux with BIOS", containing the above command block.
>  * "Grub with UEFI", containing what's already there.
This has nothing to do with the bootloader. If syslinux supported UEFI, it =
would be similar if not the same.
It should instead keep the `umount /mnt/boot/efi` with a comment or a note =
that says it is UEFI specific.

Feel free to edit the page and thanks for contributing!

(This is a duplicate, i forgot to CC the mailing list.)

--=20
Alex D.
RedXen System & Infrastructure Administration
https://redxen.eu/

--k2d4txsymy62fig7
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE2k4nnbsAOnatJfEW+SuoX2H0wXMFAmD16J0ACgkQ+SuoX2H0
wXPd3g//USKIwjY/UAKeaRCouiMU8IjcbZnYJ22eAc7Zp9xe9yCfBg3WcJcRR//C
r+1ZNv9uU5lPjP4HqXPCqM6AKm+vPWPnoa8wamZprAKvH0OrrCw3LooLg+q0Dixk
wAh10nHpr2ZdDX63IWLo0YMECJuPoi3qnpPjaywWTMKWNZyo+K9LYxO0E4vrIuPQ
LTs9AoYS7rRjLrQuDW7Fzq9Q9Ozzbn2P2vtG7A3bkgQaXoxpvgWPZYx5RUgQ+z15
FXzRh4+ue78GToWyHHo9mFrvz4ZSxPMPUOEEPzWqCJBWqA9nORCnDMq502QDplnD
IfzE0TN9juHzf1o0aApZ2t6JuexKAlpldFLus9eQ9UyNP35G4IX7T4C8sBYkyXcf
P9g7p7/jk/tEMrphMM5yJBwlAgnJbhWySq8VORuOzlCXDf61T/uuATnaceS06CAj
Ft/9ZYEPxAFaKykJQBfrRCzQLPhF0RDeexnb3me5xLPoxG0CBmhxoSBuRsireaXx
enEtkHxmnFnS9nBkigbVILdwFDq7mE2kjZaVyfKEk7q5q/E9XxDggjSGOnzQvTo/
uffWxDByL/oBQWROn3fMYFkuYT310f8RMIDiuGGuZvh61z0sZIAB7rj4AXFNn4aL
WQ/07qooulndI/sM8ezjlN7s2Cy9PHOuZzooYNVnmAEufh2m97I=
=goaL
-----END PGP SIGNATURE-----

--k2d4txsymy62fig7--