cross-posted from: https://programming.dev/post/9319044

Hey,

I am planning to implement authenticated boot inspired by Pid Eins’ blog. I’ll be using pam_mount for /home/user. I need to check the integrity of all partitions.

I have been using luks+ext4 till now. I am hesitant to switch to zfs/btrfs, afraid I might fuck up. A while back I accidentally purged ‘/’ trying out timeshift, which was my fault.

Should I use zfs/btrfs for /home/user? As for root, I’m considering luks+(zfs/btrfs) to be restorable to blank state.

  • Skull giver@popplesburger.hilciferous.nl
    8 months ago

    I use ZFS to do RAID on a NAS because I was too lazy to look up how to do a proper RAID setup. Works pretty well. Have had to replace two hard drives, and rebuilding seems to work just fine.

    I use BTRFS on my desktop (programming stuff mostly, but also gaming) and on the SD cards of my Steam Deck for the compression. I think ZFS would’ve suited me as well, but I didn’t want to deal with out of tree kernel modules so BTRFS made more sense.

    Timeshift works pretty well in my experience, especially when integrated with the distro package manager to automatically make snapshots before installing/upgrading packages.

    LUKS is my go-to solution, but I still need to figure out how to upgrade the LUKS PBKDF without breaking anything. I use Grub with full disk encryption (and intend to keep using it) but Grub lacks several modern key derivation functions. If you’re planning on using an alternative (i.e. unencrypted /boot, or systemd-boot) you’ll probably be better off making sure you use modern crypto. I don’t think there’s any real proof that LUKS can be broken in its normal setup, but there were rumours some French guy got arrested and had his LUKS encryption fail on him, so you never know.
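
Added example, not part of the original thread: before changing a LUKS2 keyslot's PBKDF on a disk that GRUB has to unlock, it helps to see which PBKDF each keyslot uses today. The script below parses `cryptsetup luksDump` text and lists keyslots that are not PBKDF2. The sample dump is constructed, and treating PBKDF2 as the only type the bootloader can open is an assumption to check against your GRUB build.

```shell
#!/bin/sh
# Added example: audit the PBKDF of each LUKS2 keyslot from `cryptsetup luksDump` text.

# Reads luksDump output on stdin, prints "<slot> <pbkdf>" for every keyslot.
# Only the "Keyslots:" section is read; "Digests:" also contains "N: pbkdf2"
# lines, and those are not keyslots.
keyslot_pbkdfs() {
  awk '
    /^Keyslots:/                  { in_slots = 1; next }
    /^[A-Za-z]/                   { in_slots = 0 }   # next top-level section
    in_slots && /^[ \t]+[0-9]+:/  { slot = $1; sub(":", "", slot) }
    in_slots && $1 == "PBKDF:"    { print slot, $2 }
  '
}

# Prints keyslots whose PBKDF is not pbkdf2 and returns 1 if any exist.
# Assumption: the bootloader can only open PBKDF2 keyslots.
grub_incompatible_slots() {
  keyslot_pbkdfs | awk '$2 != "pbkdf2" { print; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample input, abbreviated from the LUKS2 luksDump layout.
SAMPLE_DUMP=$(cat <<'EOF'
LUKS header information
Version:        2

Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
)

# Demo on the sample. On a real system (as root, /dev/sdX is a placeholder):
#   cryptsetup luksDump /dev/sdX | grub_incompatible_slots
printf '%s\n' "$SAMPLE_DUMP" | keyslot_pbkdfs
```

`cryptsetup luksConvertKey --pbkdf <type>` is the command that changes a keyslot's PBKDF; taking a `cryptsetup luksHeaderBackup` first gives a way back if the converted slot no longer unlocks at boot.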