Questions tagged [disk-encryption]
The disk-encryption tag has no usage guidance.
315 questions
0
votes
0
answers
34
views
How to only suppress warning outputs from cryptsetup?
In Linux in Bash i run a script with some cryptsetup calls like
--luks2-metadata-size=16k --luks2-keyslots-size=256k .... luksFormat ....
that brings Warning outputs.
I know and understand, but i ...
- 539
0
votes
1
answer
29
views
Does dm-crypt waste device space?
That is, when a device-mapping is created manually with the dm-crypt target, is the resulting device smaller than the backing device?
What is the missing space used for?
Will the answer change ...
0
votes
0
answers
31
views
cryptsetup - luks header
i will create some write once read many files.
i need only one key for open the file and for me, there is no reason to change in the future the key.
the header will stored on a different place, and ...
- 539
0
votes
0
answers
29
views
Converting LUKS to LUKS2 breaks password
I've got a system with LUKS partitions. I'd like to convert them to LUKS2 to see if I can simplify my setup using partition labels.
When I run cryptsetup convert <partitionNode> --type LUKS2 it ...
- 810
0
votes
1
answer
43
views
Data Recover from Encrypted LUKS Partition | Missing Files
I have been having some issue unmounting my encrypted drive recently. This lead to it being forceably removed instead of ejected.
It appears to have some done some damage to the drive as, although I ...
- 111
1
vote
1
answer
96
views
Minimizing the size of the LUKS Header
With cryptsetup I will create some LUKS encrypted files with detached header. In the files I will write once and read repeatedly. I do not need to change any key.
How can the size of the header be ...
- 539
0
votes
0
answers
52
views
what is the smallest possible size when creating a luks2 header
What is the smallest possible size when creating a luks2 header?
How to create one under 16 Mib?
- 539
1
vote
1
answer
113
views
How to open an USB's encrypted /boot automatically
My situation is a bit unique:
The scenario ~
I have successfully encrypted my root partition and boot partitions. My boot partition lies on my usb along with the /boot/efi on a separate unencrypted ...
- 11
0
votes
0
answers
30
views
remote encryption nixos server not reachable
I'm trying to setup my server to start remotely. The problem is, it is not reachable, so I can't specify a Password to decrypt my drive.
I don't now what the problem is here wake on lan works. I also ...
0
votes
1
answer
85
views
ZFS: Keyformat required for new encryption root
I am trying to create a filesystem in ZFS with the following command:
zfs create -o compression=on -o recordsize=1M -o encryption=on pool/dataset
I am unable to do so, since I receive the following ...
- 101
0
votes
0
answers
127
views
Auto-unlocking and mounting encrypted bcachefs filesystem on boot. Is there a better way?
I'm currently using a hacky systemd script with hardcoded password to auto-unlock and mount bcachefs filesystem on boot.
Is there a better way to improve security by using a key file perhaps?
I was ...
- 238
0
votes
1
answer
111
views
Ext4 filesystem in LUKS container - container size calculation
On my Linux system I have a file "1gb.file" that is 1073741824 bytes in size.
This file I'll put into a LUKS container ("1gb.file.crypt") with ext4 filesystem inside.
What size ...
- 539
0
votes
0
answers
81
views
"Insmod cryptodisk" is missing from grub.cfg?
I am following this guide this guide on /boot encryption for my Ubuntu system. I am currently on section 3, after deciding to not complete section 4. (i.e, I don't wish to avoid multiple password ...
- 85
1
vote
0
answers
58
views
Security implications of avoiding extra password prompt in /boot encryption? Do GRUB and Linux compare against the same hash?
I am following this guide on full disk encryption, including /boot. Section 4 involves placing a key that can decrypt /boot and / into the initramfs image contained in /boot, so that once you unlock /...
- 85
0
votes
2
answers
84
views
How to make the key slot to unlock at GRUB stage to be the first active one?
I am following the Debian dev's guide to full disk encryption to secure an Ubuntu machine and I am confused at section 3. It states:
Note: cryptomount lacks an option to specify the key slot index to ...
- 85
0
votes
1
answer
248
views
GRUB password seems useless, so why even bother?
My system has full disk encryption except for /boot. I've set a GRUB password by following this post, but then was able to disable it by booting into Kali Live and running:
mkdir /mnt/dev/sda2
sudo ...
- 85
3
votes
2
answers
534
views
How to create an encrypted RAM-disk as a regular user?
Is it possible to create an encrypted RAM-disk as a regular user (without requiring sudo). (with FUSE or similar tools)?
Note that the use-case here is to edit sensitive data, there are of course in-...
- 1,360
0
votes
0
answers
36
views
GNOME Disks Unlock at System Start Up Debugging
I have been attempting to set my Micro SD card to automatically unlock once I login. However, it does not work as planned. Below is how I set up the encryption with GNOME Disks.
Would any of you know ...
- 157
1
vote
1
answer
115
views
What is correct cipher name for the cryptsetup to use HCTR2 wideblock encryption?
By googling, trial and error I came up with the following string:
cryptsetup benchmark -c aes-xctr-plain64
but I'm not sure whether it is correct.
The cipher spec aes-xctr-plain64,polyval-generic ...
- 153
0
votes
0
answers
65
views
Grub cryptomount with BtrFS RAID: how?
I'm on Ubuntu 23.10, with three LUKS disks (whole disk, no partitions). Inside of them is a btrfs RAID1. /boot is combined with /root, inside of LUKS.
Having done grub-update and then grub-install ...
- 710
2
votes
1
answer
85
views
Is there any e4crypt kernel side documentation?
I'm trying to understand e4crypt and fscrypt, and also how they differ. But it is hard to find documentation on e4crypt other than the command line tool man page and some old tutorials.
Is there any ...
- 1,321
0
votes
0
answers
197
views
How do you decrypt an f2fs partition?
I have got an encrypted f2fs image, I know the password, I'm able to mount it via sudo mount -t f2fs mmcblk0p64.img /mnt/mmcblk0p64 so it doesn't appear broken or anything, and f2fscrypt recognizes ...
- 407
1
vote
1
answer
60
views
How to create a dm-crypt block device in /dev/mapper without wiping it?
I can create a dm-crypt filesystem with:
root@smarcimx8mq4g:~# cat /data/caam/randomkey | keyctl padd logon logkey: @s
731358804
root@smarcimx8mq4g:~# dmsetup -v create encrypted --table "0 $(...
- 981
0
votes
0
answers
40
views
Ubuntu 23.11 + TPM Full Disk Encryption + Esxi/VMWare
Has anyone gotten TPM + FDE working on a VM in ESXi?
I got through the installation but after reboot the system would not start, a screen comes up with /EndEntire and then the following errors:
When ...
- 101
0
votes
0
answers
257
views
Issues encrypting root partition with Luks
I was given a "golden image" of an out of date production server and was instructed to update and harden the OS for production delivery. The issue I am running into is that LUKS. I am using ...
- 1
0
votes
1
answer
189
views
ZFS remove password
I have an encrypted ZFS partition, but I'd like to remove the password not to type any password when booting. Is it possible, ideally without decrypting each file one by one? For instance what happens ...
- 4,431
1
vote
0
answers
30
views
Accesing encrypted HDD after reinstalling OS (Linux)
I have two drive on my PC:
SSD
HDD
OS (Debian) was installed on SSD. HDD was formatted and encrypted from Gnome Disks from installed OS.
In Gnome Disks information about HDD looks like:
Now I need ...
- 113
0
votes
0
answers
63
views
encrypting a remote VPS, and letting it boot without entering a password
I Have rented a VPS and I want to encrypt it's data, at least on the /home directory, because I don't want the owners of the VPS to have a look at the content of my data.
But the server already has ...
1
vote
1
answer
190
views
erase hardware-encrypted SSD
Disclaimer
I'm not robbing someone, didn't rob someone in the past and don't plan to do so anytime soon.
Situation
Imagine I own a Samsung 2.5" SSD (850, 860 or the like) which is encrypted.
If ...
- 23
2
votes
0
answers
484
views
LUKS password correct, but not accepted
I am attempting to install Kali on a laptop, which should normally be straightforward. However, on this particular device, the Kali installer errors upon writing the partition changes to disk for some ...
- 519
0
votes
1
answer
43
views
Deleted LUKS Disk
I had a dual-boot laptop setup with an encrypted BIOS. I then removed my Manjaro installation and deleted all of the partitions, including the Manjaro partition, which included my LUKS disk. When I ...
user594163
0
votes
1
answer
270
views
Is it risky to use hibernation in Ubuntu?
I've read that hibernation often causes trouble in Linux environments, e.g. system fails to wake-up or freezes and sometimes even refuses booting after reset. I really like the idea of hibernating the ...
- 143
1
vote
1
answer
488
views
How to configure waiting time for LUKS password
My /home partition (on Linux Debian testing) is encrypted with LUKS.
$ mount|grep home
/dev/mapper/home-crypt on /home type ext4 (rw,relatime)
Configuration via /etc/crypttab:
home-crypt UUID=...
- 223
1
vote
1
answer
183
views
LUKS Encryption - Readable content
In LUKS, only files get encrypted, not the entire drive.
So my question is, what is accessible if just files are encrypted. For example:
Are file paths or file names visible? (Eg: For Enrypted ZIP ...
0
votes
0
answers
2k
views
Full disk encryption (and decrypt on boot) for existing Debian installation (bookworm)
I have an existing Debian system and there is a need to encrypt the disk at rest. Searching online (and here) I see that the only way to do it is to do a fresh installation, this time with LUKS on. I ...
- 378
0
votes
0
answers
215
views
How to recover data off of a broken linux system with full-disk encryption
I am running Manjaro. I have it set up with full-disk encryption through LUKS. Booting up my computer I noticed some things were weird, like some of my settings had reverted to their default. I tried ...
- 23
1
vote
1
answer
57
views
How to create an entire backup of a disk to fall back to before performing a dist-upgrade?
I am preparing a dist-upgrade. Before I do that I want to make a backup of my entire disk so that even if the upgrade fails I can fall back to a backup. I have two SSDs, /dev/nvme0n1 which is the ...
- 11
1
vote
1
answer
122
views
Does LUKS disk encyption break SLC caching on QLC/TLC SSDs?
It seems that modern SSDs degrade in performance the more data they are holding.
My understanding is that this is because manufacturers put less and less storage cells on the SSDs relative to their ...
- 1,083
1
vote
2
answers
931
views
Check if a block device is Bitlocker encrypted
Ubuntu 22.04 can decrypt and read a BitLocker-encrypted device/partition without a need of installing any additional software (older releases can as well, perhaps, but I have not seen it)
How can a ...
- 111
2
votes
1
answer
886
views
Does the UUID of a LUKS partition change after re-encryption?
I want to re-encrypt a system and swap partitions on EndeavourOS. The issue is that in many files (crypttab, mikinicpio, fstab, etc) the exact UUID of the LUKS partition is built in, meaning I would ...
user549014
1
vote
1
answer
2k
views
Second disk encryption using LUKS
I'm looking for a clear tutorial on how to do this but I'm encountering insufficient information everywhere.
Namely, I have a laptop with the following disk configuration:
Drive one has Fedora 38 ...
- 11
0
votes
1
answer
56
views
Why would the firefox of my running system automatically open files from an external USB drive that used to be the boot-drive of another system?
I have an SSD that another laptop was booting from (before the other hardware in that laptop failed)
but now I'm using it in one of those little SATA enclosure shell adapter things
in order to access ...
- 23
2
votes
1
answer
1k
views
How to increase the size of a LUKS file-container
There are many tips on how to resize (increase) a LUKS2 encrypted device / partition / LVM volume. But how to increase the size of the LUKS container created in the file?
I once created:
dd if=/dev/...
- 127
9
votes
1
answer
2k
views
Low performance of encrypted SSD
I have a 128GB Somnambulist SSD. I know this brand is one of the worst. I measured the speed using GNOME Disk Utility, and it showed a read/write speed of 420/340.
After encrypting the SSD with Debian ...
- 373
1
vote
1
answer
399
views
Random wipe free space: dd if=/dev/urandom vs LUKS format-erase, which is more secure, any pitfalls?
The ArchLinux Wiki on dm-crypt advices overwriting new storage devices or partitions with random data before using them for encrypted volumes. There are two ways I have used to achieve this, but I ...
- 11
0
votes
1
answer
404
views
Unable to boot after GRUB_CMDLINE_LINUX="console=tty12"
I changed GRUB_CMDLINE_LINUX="" to GRUB_CMDLINE_LINUX="console=tty12".
My disk is crypted and I need to insert the password, but I don't know how to write over that console and ...
2
votes
1
answer
442
views
Is it possible to check if a LUKS device has been damaged by a foreign person?
Let's assume I lost a LUKS encrypted USB pen drive. I think the file system type (ext4/fat32/...) doesn't play a role. A foreign person finds it. Of course he cannot access my data because he doesn't ...
- 982
0
votes
1
answer
175
views
Debian cloned with dd cannot boot because "directory is encrypted"
Plan:
Use dd to clone running system onto spare hard disc.
Put spare hard disc in spare machine.
Switch to using spare machine
Rebuild system and migrate serivces back.
So I cloned the disc with
# ...
2
votes
0
answers
284
views
How to enable hardware encryption on my Crucial MX500 drive
I have a Crucial MX500 1TB drive and it supports hardware encryption. I need to attach it to my Raspberry Pi 4 running ubuntu 20.04 and enable encryption. I also need the drive to be auto attached to ...
- 21
0
votes
0
answers
23
views
How make security storage that works with file protocol?
There is some system that stores report files in a local folder.
Information security department wants these reports to be stored not on the local server, but in a remote secured storage and that the ...
- 63