I have not used dm-crypt, but interesting topic. The first link I found
says that dm-crypt is for block devices, not filesystems.
https://en.wikipedia.org/wiki/Dm-crypt
https://wiki.archlinux.org/title/dm-crypt
Since they appear as block devices, should creating ASM volumes on these
dm-crypt devices solve the problem then?
On Wed, May 17, 2023 at 3:23 PM Tim Gorman <tim.evdbt@xxxxxxxxx> wrote:
Friends and colleagues,
I have a customer who wishes to use Linux DM-CRYPT to encrypt all
filesystem contents on their Linux systems. They wish for DM-CRYPT to also
cover their Oracle database files on ASM which they note uses "raw" block
devices not based on any filesystem, which they feel leaves them choosing
between using DM-CRYPT and ASM.
Yes, we've discussed Oracle TDE, and they prefer not to use it. That
conversation is a dead end.
I know that it is possible to pre-create empty files on remote NFS
filesystems and then use those as disk files for ASM, instead of block
devices, as described in Oracle Support note #731775.1 (entitled "*How To
Create ASM Diskgroups using NFS/NAS Files*
<https://support.oracle.com/epmos/faces/DocumentDisplay?id=731775.1>").
However, I can't find a similar support article describing the same method
for local filesystems.
Has anyone found such a support article, or perhaps use local filesystem
files as ASM disk?
Please let me know what you think?
Thanks!
-Tim
