Questions tagged [disk-encryption]
The disk-encryption tag has no usage guidance.
305
questions
0
votes
1
answer
36
views
Ext4 filesystem in LUKS container - container size calculation
On my Linux system I have a file "1gb.file" that is 1073741824 bytes in size.
This file I'll put into a LUKS container ("1gb.file.crypt") with ext4 filesystem inside.
What size ...
0
votes
0
answers
22
views
"Insmod cryptodisk" is missing from grub.cfg?
I am following this guide this guide on /boot encryption for my Ubuntu system. I am currently on section 3, after deciding to not complete section 4. (i.e, I don't wish to avoid multiple password ...
1
vote
0
answers
37
views
Security implications of avoiding extra password prompt in /boot encryption? Do GRUB and Linux compare against the same hash?
I am following this guide on full disk encryption, including /boot. Section 4 involves placing a key that can decrypt /boot and / into the initramfs image contained in /boot, so that once you unlock /...
0
votes
2
answers
32
views
How to make the key slot to unlock at GRUB stage to be the first active one?
I am following the Debian dev's guide to full disk encryption to secure an Ubuntu machine and I am confused at section 3. It states:
Note: cryptomount lacks an option to specify the key slot index to ...
0
votes
1
answer
50
views
GRUB password seems useless, so why even bother?
My system has full disk encryption except for /boot. I've set a GRUB password by following this post, but then was able to disable it by booting into Kali Live and running:
mkdir /mnt/dev/sda2
sudo ...
3
votes
2
answers
387
views
How to create an encrypted RAM-disk as a regular user?
Is it possible to create an encrypted RAM-disk as a regular user (without requiring sudo). (with FUSE or similar tools)?
Note that the use-case here is to edit sensitive data, there are of course in-...
0
votes
0
answers
22
views
GNOME Disks Unlock at System Start Up Debugging
I have been attempting to set my Micro SD card to automatically unlock once I login. However, it does not work as planned. Below is how I set up the encryption with GNOME Disks.
Would any of you know ...
0
votes
0
answers
30
views
What is correct cipher name for the cryptsetup to use HCTR2 wideblock encryption?
By googling, trial and error I came up with the following string:
cryptsetup benchmark -c aes-xctr-plain64
but I'm not sure whether it is correct.
The cipher spec aes-xctr-plain64,polyval-generic ...
0
votes
0
answers
38
views
Grub cryptomount with BtrFS RAID: how?
I'm on Ubuntu 23.10, with three LUKS disks (whole disk, no partitions). Inside of them is a btrfs RAID1. /boot is combined with /root, inside of LUKS.
Having done grub-update and then grub-install ...
2
votes
1
answer
42
views
Is there any e4crypt kernel side documentation?
I'm trying to understand e4crypt and fscrypt, and also how they differ. But it is hard to find documentation on e4crypt other than the command line tool man page and some old tutorials.
Is there any ...
0
votes
0
answers
72
views
How do you decrypt an f2fs partition?
I have got an encrypted f2fs image, I know the password, I'm able to mount it via sudo mount -t f2fs mmcblk0p64.img /mnt/mmcblk0p64 so it doesn't appear broken or anything, and f2fscrypt recognizes ...
1
vote
1
answer
34
views
How to create a dm-crypt block device in /dev/mapper without wiping it?
I can create a dm-crypt filesystem with:
root@smarcimx8mq4g:~# cat /data/caam/randomkey | keyctl padd logon logkey: @s
731358804
root@smarcimx8mq4g:~# dmsetup -v create encrypted --table "0 $(...
0
votes
0
answers
14
views
Ubuntu 23.11 + TPM Full Disk Encryption + Esxi/VMWare
Has anyone gotten TPM + FDE working on a VM in ESXi?
I got through the installation but after reboot the system would not start, a screen comes up with /EndEntire and then the following errors:
When ...
0
votes
0
answers
113
views
Issues encrypting root partition with Luks
I was given a "golden image" of an out of date production server and was instructed to update and harden the OS for production delivery. The issue I am running into is that LUKS. I am using ...
0
votes
1
answer
92
views
ZFS remove password
I have an encrypted ZFS partition, but I'd like to remove the password not to type any password when booting. Is it possible, ideally without decrypting each file one by one? For instance what happens ...