Permanently Deleted

  • captcha [any]
    ·
    3 years ago

    LUKS is fairly easy to set up on its own. Everything is done through the cryptsetup tool.

    1. format a device with cryptsetup luksFormat /dev/sdX
    2. open with cryptsetup luksOpen /dev/sdX myContainer
    3. new device is available under /dev/mapper/myContainer

    Linux will treat the opened container as a new disk, so you can give it a file system or create an LVM device out of it. You can even have an LVM volume contain a LUKS container which contains another LVM volume group, etc.

    The hard part about LUKS is getting your system to open it on boot. For that, refer to the Arch Wiki.

    • PorkrollPosadist [he/him, they/them]
      ·
      3 years ago

      Right, that makes sense. I've managed to avoid building an initramfs by only using LVM for /home and leaving / as a regular btrfs partition, but you certainly do enter the "keys are locked inside the car" situation when you're trying to load the modules for encrypted filesystems from an encrypted filesystem.

      • captcha [any]
        ·
        3 years ago

        Changes to the initramfs are easy and well documented. Just edit /etc/mkinitcpio.conf and run sudo mkinitcpio -p linux.

        The hard part is telling your bootloader to use the luks module you added to the initramfs. It changes depending on your bootloader.
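
Added example, not part of the thread: a pre-rebuild check for the /etc/mkinitcpio.conf edit discussed above. It assumes the stock Arch hook names (block, encrypt or sd-encrypt, filesystems) and that the encryption hook has to sit between block and filesystems; the function names and sample configs are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify hook order in an mkinitcpio.conf for an encrypted root.
# Assumes stock Arch hook names: block, encrypt or sd-encrypt, filesystems.

# Print the hooks from the last active (uncommented) HOOKS= line, one per line.
list_hooks() {
    grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1 |
        sed -E 's/#.*$//; s/^[[:space:]]*HOOKS=//; s/[()"]//g' |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# hook_pos CONF NAME... -> 1-based index of the first matching hook, 0 if absent.
hook_pos() {
    local conf=$1; shift
    list_hooks "$conf" | awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($0 in want) && !found { found = NR }
        END { print found + 0 }'
}

# Return 0 only if block < encrypt/sd-encrypt < filesystems in the HOOKS array.
check_luks_hooks() {
    local conf=$1 block enc fs
    block=$(hook_pos "$conf" block)
    enc=$(hook_pos "$conf" encrypt sd-encrypt)
    fs=$(hook_pos "$conf" filesystems)
    if [ "$enc" -eq 0 ]; then
        echo "FAIL: no encrypt/sd-encrypt hook, the initramfs cannot unlock LUKS"; return 1
    fi
    if [ "$block" -eq 0 ] || [ "$block" -gt "$enc" ]; then
        echo "FAIL: block must come before the encryption hook"; return 1
    fi
    if [ "$fs" -eq 0 ] || [ "$fs" -lt "$enc" ]; then
        echo "FAIL: the encryption hook must come before filesystems"; return 1
    fi
    echo "OK: $(list_hooks "$conf" | tr '\n' ' ')"
}

demo() {
    local dir; dir=$(mktemp -d)
    # Constructed sample configs, not taken from the thread.
    printf '%s\n' '#HOOKS=(base udev block filesystems)' \
        'HOOKS=(base udev autodetect modconf keyboard block encrypt filesystems fsck)' \
        > "$dir/good.conf"
    printf '%s\n' 'HOOKS=(base udev autodetect modconf block filesystems fsck)' \
        > "$dir/missing.conf"
    check_luks_hooks "$dir/good.conf"
    check_luks_hooks "$dir/missing.conf" || true
    rm -rf "$dir"
}
demo
```

Running `check_luks_hooks /etc/mkinitcpio.conf` before rebuilding the image catches a missing or misordered hook while the system can still boot from the old initramfs.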