Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [dm-crypt]

154 questions
26
votes
5 answers

How can I set a label on a dm-crypt+LUKS container?

I just received a new USB flash drive, and set up 2 encrypted partitions on it. I used dm-crypt (LUKS mode) through cryptsetup. With an additional non-encrypted partition, the drive has the following structure: /dev/sdb1, encrypted, hiding an ext4…
John WH Smith
  • 15,500
  • 6
  • 51
  • 62
25
votes
1 answer

Abysmal general dm-crypt (LUKS) write performance

I am investigating a problem where encrypting a block device imposes a huge performance penalty when writing to it. Hours of Internet reading and experiments did not provide me with a proper understanding, let alone a solution. The question in…
schlimmchen
  • 1,307
  • 2
  • 12
  • 16
24
votes
3 answers

Trim with LVM and dm-crypt

I tried to setup TRIM with LVM and dm-crypt on ubuntu 13.04 following this tutorial: http://blog.neutrino.es/2013/howto-properly-activate-trim-for-your-ssd-on-linux-fstrim-lvm-and-dmcrypt/ See the notes about my configuration and my testing…
student
  • 17,875
  • 31
  • 103
  • 169
22
votes
2 answers

How to change the name an encrypted full-system partition is mapped to

My system is fully encrypted with dm-crypt and LVM. I recently moved the encrypted partition from /dev/sda5 to /dev/sda2. My question is: how can I change the name the encrypted partition is mapped to from sda5_crypt to sda2_crypt? I can boot the…
n.r.
  • 2,173
  • 3
  • 18
  • 30
19
votes
1 answer

What does `cryptsetup resize` do if LUKS doesn't store partition size?

The LUKS / dm-crypt / cryptsetup FAQ page says: 2.15 Can I resize a dm-crypt or LUKS partition? Yes, you can, as neither dm-crypt nor LUKS stores partition size. I'm befuzzled: What is "resized" if no size information is stored? How does a…
Tom Hale
  • 28,728
  • 32
  • 139
  • 229
19
votes
2 answers

How to change the hash-spec and iter-time of an existing dm-crypt LUKS device?

How can I change the hash-spec and iter-time of an existing dm-crypt LUKS device? Clearly I can pass the options if I create a new device, for example something like this: sudo cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256…
student
  • 17,875
  • 31
  • 103
  • 169
11
votes
2 answers

How to encrypt my system such that suspend to RAM works and is also encrypted

How can I encrypt my system (at best using lvm + dm-crypt/luks) such that suspend to RAM works and that everything is in an encrypted state when suspended to RAM?
student
  • 17,875
  • 31
  • 103
  • 169
11
votes
1 answer

fstrim doesn't seem to trim a partition that uses lvm and dm-crypt

I try to setup Fedora 25 with dm-crypt and LVM, but struggle to make TRIM work. $ sudo fstrim -av /boot: 28.6 MiB (30003200 bytes) trimmed /: 56.5 GiB (60672704512 bytes)…
NefariousOctopus
  • 491
  • 6
  • 22
9
votes
2 answers

How to mount a cryptsetup container just with `mount`?

I created an encrypted container via #!/bin/bash dd if=/dev/zero of=$1 bs=1 count=0 seek=$2 MAPPER=$(mktemp -up /dev/mapper) LOOPDEV=$(losetup --find --show $1) cryptsetup luksFormat $LOOPDEV cryptsetup luksOpen $LOOPDEV $(basename…
Tobias Kienzler
  • 9,184
  • 13
  • 65
  • 106
9
votes
1 answer

Filesystem types for encrypted partitions

I wish to encrypt two external hard drives using dm-crypt/LUKS for whole-disk encryption. I want one hard drive to have an ext4 filesystem for Linux use only, and the other to have an NTFS filesystem, for possible future access from Windows, as well…
Emma
  • 91
  • 1
  • 2
9
votes
1 answer

How to open multiple LUKS volumes with key entered in initramfs?

I have a Debian 7.4 (stable) based server configured to use an encrypted (RAID1 + LVM) root partition (/boot is un-encrypted regular partition) to which I installed dropbear SSH server so I can remotely enter the LUKS encryption passphrase. In…
Dago
  • 191
  • 1
  • 3
8
votes
2 answers

Change encrypted partition UUID

I'm trying to change a partition's UUID, the problem is that I'm trying to change an encrypted volume. So I can't use the usual method described here. Since it throws the following error: tune2fs: Bad magic number in super-block while trying to open…
Hacktivista
  • 183
  • 1
  • 3
8
votes
1 answer

Full disk encryption with dm-crypt (without LUKS)

I am currently trying to achieve full disk encryption using dm-crypt in plain mode without LUKS header with a separate /boot on USB stick. My main goal is to achive plausible deniability on a Debian-based distro. For now I've managed to encrypt…
Rowen
  • 81
  • 1
  • 2
8
votes
1 answer

Trying to understand LUKS encryption

I decided to encrypt my root partition with LUKS+LVM. My ThinkPad setup: Samsung 830 128GB SSD 750GB HDD Core 2 Duo 2,5 GHz P9500 8GB RAM But the more I read, the less I understand about those two following subjects: 1a. The cipher I was going to…
lockheed
  • 530
  • 5
  • 11
7
votes
1 answer

Will using a compressed filesystem over an encrypted volume improve performance?

Encryption/decryption is often the main bottleneck when accessing an encrypted volume. Would using a filesystem with a fast transparent compression (such as BTRFS + LZO) help? The idea is that there would be less data to encrypt, and if the…
Petr
  • 1,624
  • 2
  • 19
  • 35
1
2 3
10 11