Talk:Dm-crypt/Encrypting an entire system
Merging plain dm-crypt instructions with LUKS instructions
I just noticed that the instructions are fairly similar for encrypting a system with LUKS and without. LUKS is just a header at the beginning of the device or partition that dm-crypt is created on; it doesn't change the device mapper configuration or partition layout in any way. Encryption on LVM and LVM on encryption definitely need separate instructions because they are very different setups, but whether or not LUKS is involved really only affects one command in the entire tutorial:
# cryptsetup --hash=sha512 --cipher=twofish-xts-plain64 --offset=0 --key-file=/dev/sdZ --key-size=512 open --type=plain /dev/sdX enc
# cryptsetup luksFormat /dev/sdx3
Other than that, the procedure is the same, is it not? We would still need to discuss what LUKS is and whether or not to use it (Dm-crypt/Encrypting_an_entire_system#Setup_encryption should remain, and could be moved to the top of the article, for example), but I don't think we need completely separate instructions for LUKS and plain dm-crypt. In the few cases where the setup procedure does differ, we could make a small note about what to do if using plain dm-crypt). For example, we could add this to the "Preparing the disk" sections:
Nearly all the other steps -- including dedicated /boot partition preparation, LVM setup, mkinitcpio hooks, and bootloader installation -- are identical whether LUKS is used or not. In fact, the current layout seems more cumbersome, as Dm-crypt/Encrypting_an_entire_system#Plain_dm-crypt currently forks its instructions at certain points based on the decision of LVM on encryption vs encryption on LVM. It seems that it should be the other way around (LVM on encryption / Encryption on LVM sections should fork based on LUKS vs plain, as the latter pair are far more similar to each other.
Notice I imply changing the word "LUKS" to "encryption", as it could imply LUKS or plain dm-crypt interchangeably. Of course, LUKS is still the much more common use case of the two (in fact, the [FAQ] doesn't really recommend plain dm-crypt at all.)
Without looking at the edit history, I would guess the reason they are currently separate is a relic of merging Dm-crypt with LUKS and Plain dm-crypt without LUKS into this page. I don't really have any experience with plain dm-crypt, to be honest, so I could be wrong about this, and I wanted to ask for some other opinions before I go making drastic changes.