Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: http://code.google.com/p/cryptsetup/

Wikipedia: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

150 questions
29
votes
2 answers

ZFS RAID and LUKS encryption in Linux

I'm planning to setup a set of 3x 2TB 7200rpm drives as a LUKS-encrypted Z-RAID pool in Linux (for a NAS solution). My understanding of the problem at hand is that the only way to achieve this is to luksFormat every physical device and then…
MasterM
  • 1,031
  • 2
  • 11
  • 18
18
votes
3 answers

Using fsck to check and repair LUKS encrypted disk?

My Ubuntu 11.04 machine uses LUKS encryption for root, swap and home. A routine fsck -n revealed a set of errors I need to repair. fsck requires to unmount the partitions. Before luks I would simply boot from a USB stick and fix run fsck from there.…
stwissel
  • 640
  • 2
  • 7
  • 21
17
votes
1 answer

Creating a grow-on-demand encrypted volume with LUKS

I am trying to create an encrypted, growing-as-needed file system in with Linux. I am familiar with LUKS and cryptsetup. I can create an empty file: fallocate -l 512M /root/image I can create a LUKS container on it: cryptsetup -y luksFormat…
Merc
  • 719
  • 1
  • 6
  • 16
15
votes
1 answer

Resizing a LUKS encrypted volume

I have a 500GiB ext4 filesystem on top of LUKS on top of an LVM LV. I want to resize the LV to 100GiB. I know how to resize ext4 on top of an LVM LV, but how do I deal with the LUKS volume? mgorven@moab:~% sudo lvdisplay /dev/moab/backup ---…
mgorven
  • 30,036
  • 7
  • 76
  • 121
14
votes
4 answers

Can cryptsetup read mappings from /etc/crypttab?

I have a virtualized CentOS 7 server that needs to mount multiple password-protected encrypted volumes. I cannot automatically map the devices on boot, because I don't have access to the console during the boot process to enter the decryption…
Craig Finch
  • 370
  • 1
  • 4
  • 12
11
votes
3 answers

Is it possible to hardware accelerate LUKS encryption?

My Linux server spends a lot of time computing LUKS encryption. Is there any way to hardware accelerate it (with a PCI express card for example)?
Glendyr
  • 601
  • 2
  • 7
  • 12
10
votes
2 answers

How to open unmounted luks volume which believes it is open

I took a snapshot of a (live) luks encrypted block device, copied it to another system and am now trying to open it, but am unable to do so. Any help with solving this problem would be much appreciated. The copied image is currently sitting on its…
davidgo
  • 5,964
  • 2
  • 21
  • 38
10
votes
2 answers

How to non-interactively supply a passphrase to 'dmcrypt luksFormat'?

I'm writing a script which automatically sets up testing environment virtual machines. This script should automatically format a dmcrypt+LUKS partition for me, with a certain passphrase. Because this is a local testing environment I don't care about…
Hongli Lai
  • 2,112
  • 4
  • 22
  • 27
8
votes
4 answers

On Ubuntu 11.10, is it possible to decrypt 2 hard disks encrypted with LUKS / LVM by entering only one passphrase at boot?

here the configuration I have : - 2 hard drives, - first one is encrypted using LUKS and LVM. I'd like to add in the volume group encrypted a second hard drive. I have successfully installed it and encrypted it. But when I boot, I have to enter 2…
AlBundy
  • 121
  • 4
7
votes
2 answers

LUKS Error During Boot

alg: drbg: could not allocate DRNG handle for ... I only see this error on the console during the boot process of virtual machines we create. EDIT: 2/5/16 - I see it on some bare-metal installations, too. (It does proceed to boot completely.) I…
Aaron Copley
  • 12,345
  • 5
  • 46
  • 67
7
votes
2 answers

How secure/private is full disk encryption on a VPS?

Security principles say that if someone else has physical access to a machine, then there is no security/privacy. I'm wondering about some examples of this in the case where I want to have a hosted Virtual Private Server (VPS) with full disk…
user779159
  • 395
  • 1
  • 4
  • 10
7
votes
1 answer

How to skip the luksFormat prompt?

If I setup a new luks volume with "cryptsetup --verbose --cipher=aes-cbc-essiv:sha256 --key-size=256 luksFormat /dev/foo /my/keyfile" it requires me to enter "YES" to actually do anything. Is there a way to skip this prompt, so I can just run it…
Sec
  • 307
  • 4
  • 12
7
votes
1 answer

Does LUKS also encrypt free space?

I have moved to Ubuntu 12 and chosen to use full disk encryption (encrypted LVM). So now I'm wondering: should I shred (eg: with secure-delete package, srm) the free disk space to remove any remnant windows might have left? Is free disk space…
HappyDeveloper
  • 654
  • 2
  • 6
  • 13
7
votes
0 answers

Write performance is 5 times worse with LUKS on top of mdadm RAID10 than without LUKS

I have servers with many NVMe disks. I am testing disk performance with fio using the following: fio --name=asdf --rw=randwrite --direct=1 --ioengine=libaio --bs=16k --numjobs=8 --size=10G --runtime=60 --group_reporting For a single disk, LUKS…
tacos_tacos_tacos
  • 3,220
  • 16
  • 58
  • 97
6
votes
0 answers

cryptsetup cannot close mapped device

When I run: LANG=C cryptsetup --debug luksClose /dev/mapper/Pool-A it fails as follows: device-mapper: remove ioctl on Pool-A failed: Device or resource busy Device /dev/mapper/Pool-A is still in use. Command failed with code 16: Device or…
sebelk
  • 642
  • 3
  • 13
  • 32
1
2 3
9 10