Questions tagged [luks]
Questions specific to LUKS (Linux Unified Key Setup) disk-encryption specification in general, such as setup questions or questions about how LUKS works. Use this tag if your question directly involves the LUKS disk encryption; do not use it if you just happen to be using an encrypted LUKS disk and your question is about a specific Linux configuration.
813
questions
1
vote
0
answers
38
views
I bricked my LUKS partition, how do I recover it?
I bricked my LUKS partition, I want to recover my partition or files
How I bricked my partiton: I was resizing my btrfs LUKS2 main partition from a live boot environment, it was taking very long so i ...
0
votes
1
answer
36
views
Ext4 filesystem in LUKS container - container size calculation
On my Linux system I have a file "1gb.file" that is 1073741824 bytes in size.
This file I'll put into a LUKS container ("1gb.file.crypt") with ext4 filesystem inside.
What size ...
0
votes
0
answers
21
views
"Insmod cryptodisk" is missing from grub.cfg?
I am following this guide this guide on /boot encryption for my Ubuntu system. I am currently on section 3, after deciding to not complete section 4. (i.e, I don't wish to avoid multiple password ...
0
votes
0
answers
25
views
Is there anyway to encrypt the disk without the TPM, and securely store the key? [duplicate]
I have a server that does not have TPM. I want to encrypt the disk (the /boot partition does not have to be encrypted). And I do not want to enter the passphrase during the boot.
So there must be a ...
1
vote
0
answers
37
views
Security implications of avoiding extra password prompt in /boot encryption? Do GRUB and Linux compare against the same hash?
I am following this guide on full disk encryption, including /boot. Section 4 involves placing a key that can decrypt /boot and / into the initramfs image contained in /boot, so that once you unlock /...
1
vote
1
answer
39
views
What stage of boot is asking for my password?
I just finished this guide on (almost) full disk encryption. So now my root directory and /boot directory are both encrypted, and GRUB is password-protected. /boot/efi is still unencrypted. I haven't ...
0
votes
0
answers
100
views
dracut with btrfs (raid1) on lvm on luks
I’m using Ubuntu with dracut for initramfs with BTFRS on LVM on LUKS:
$ lsblk -o name,type,mountpoint,fstype
NAME TYPE MOUNTPOINT FSTYPE
sda disk ...
3
votes
2
answers
271
views
Does crypttab's "key-slot" option mean LUKS will try that keyslot "only", or "first"?
I am following the Debian dev's guide to full disk encryption. I am currently on Section 4, step 3- editing /etc/crypttab.
In the guide, in section 3 they set up keyslot 0 for something else and now ...
0
votes
2
answers
32
views
How to make the key slot to unlock at GRUB stage to be the first active one?
I am following the Debian dev's guide to full disk encryption to secure an Ubuntu machine and I am confused at section 3. It states:
Note: cryptomount lacks an option to specify the key slot index to ...
1
vote
1
answer
42
views
Using cryptsetup and mount without sudo
I'm trying to build a CLI to easily manage the backups I have on my hard drives. Currently I use LUKS to encrypt the drives and duplicity to manage the backup process, and I have a simple bash script ...
2
votes
1
answer
77
views
LUKS - How can / be encrypted but /boot and /boot/efi are not?
This is more of a educational and curiosity question, rather than tying to fix a problem. I have an Ubuntu system using LUKS. lsblk shows this:
Noteably, / is encrypted but /boot and /boot/efi are ...
0
votes
0
answers
58
views
Recover damaged & luks-encrypted BTRFS partition
Here's my problem:
I have a Virtual Machine that I had to reset because the UI became very buggy after I tried to mount a hot-pluggable virtual disk image to copy some files.
Well that was actually ...
0
votes
0
answers
42
views
LUKS-LVM-LUKS - double encryption
I have FDE (LUKS-LVM), but my home directories aren't encrypted for each users.
I have now:
sda
├─sda1 /boot
└─sda2
└─crypto0 (luks)
└─vg0-root (/)
└─vg0-swap ([SWAP])
└─vg0-home (/home, ...
1
vote
0
answers
65
views
Restore corrupted LUKS header after falsely creating GPT table over FDE LUKS device
I accidentally created a partition table of type GPT and a partition starting at 15GB and ending at 20GB with parted on a device with with 4001GB size and LUKS full disk encryption. The device either ...
1
vote
1
answer
69
views
Where does cryptomount in Grub create decrypted disks
The documentation contains:
Successfully decrypted disks are named as (cryptoX) and have increasing numeration suffix for each new decrypted disk. If the encrypted disk hosts some higher level of ...