Think he might have just missed the fact that you had EFI boot aswell. So then it would be: /boot md0 /boot/EFI md1 / md2 -> vg0 -> lvs Otherwise it was more a suggestion on using encryption for more then just the /home partition since there is always a risk with SWAP etc to have information that you do not want to be read. My current setup goes: /dev/mapper/vg0-root / /dev/mapper/vg0-usr /usr /dev/nvme0n1p2 /boot <- this would be a md device in your case /dev/nvme0n1p1 /boot/efi <- this would be a md device in your case /dev/mapper/vg0-home /home /dev/mapper/vg0-var /var /dev/mapper/vg0-tmp /tmp /dev/mapper/vg0-var_tmp /var/tmp /dev/mapper/vg0-var_log /var/log /dev/mapper/vg0-var_log_audit /var/log/audit Note that we are most likely mixing data redundancy with data security a bit here. So as far as your plan to run a md device for each "partition" needed that is a sound and solid plan. When it comes to encryption the point is that you might want to have more then just /home protected. But this is very dependent on your threat model. If you have a laptop encryption of all partitions is suggested. Regards On 2022-04-24 20:54, H wrote: > On 04/23/2022 09:19 PM, H wrote: >> On 04/19/2022 09:57 AM, Roberto Ragusa wrote: >>> On 4/18/22 1:27 PM, H wrote: >>>> I have a new computer with 2 x 2TB SSDs where I wanted to install C7 and use mdadm for RAID1 configuration and encrypting the /home partition. On the net I found https://tuxfixer.com/centos-7-installation-with-lvm-raid-1-mirroring/ which I adopted slightly with respect to partition sizes, using RAID1 for /boot and /root as well and added the /home partition with RAID1 and chose to have /home encrypted. >>> It may be a good idea to also have / and swap encrypted, since user data can go there easily >>> (logs, locatedb, swapped mem). >>> >>> I would do: >>> - /boot as a separate RAID1 (md1=sda1+sdb1) >>> - then another RAID1 (md2=sda2+sdb2) using all the remaining disk >>> - luks on top of md2, giving you luks-xxxxx >>> - LVM with a PV on luks-xxxxx >>> - VG and LVs for swap, / and /home (do not assign all the available space now, especially if using xfs as filesystem) >>> >>> Not sure if you can do this setup through the installer, you have to try (in a VM maybe). >>> >>> Regards. >>> >> Thank you. I will have time to get back to this system tomorrow to try this. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > Roberto, what would the advantage(s) be with your setup, ie one RAID1 array for everything but /boot compared to what I had done, ie three RAID1 arrays for /boot/efi RAID1, /boot RAID1 and one LVM-RAID1 for / and /home? As a naive user it would seem to me that the setup I did would be more resilient if a disk fails, or? > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20220429/83cff3d8/attachment-0003.sig>