Popular Links: https://wiki.archlinux.org/index.php/Disk_encryption
The link above covers several disk encryption options; the choice here is basically dm-crypt with LUKS.
In GRUB, decrypt the root partition and the /boot partition.
dm-crypt documentation: https://wiki.archlinux.org/index.php/Dm-crypt
Using dm-crypt to encrypt a non-root partition: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system
dm-crypt has two encryption modes: plain and LUKS (Linux Unified Key Setup).
I do not know exactly what the difference is; simply put, LUKS stores encryption-related metadata on the file system (hard disk partition?), and plain does not. LUKS is the default mode of dm-crypt.
A pile of poor documents is not as clear as the man page.
DESCRIPTION: cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings. These include plain dm-crypt volumes and LUKS volumes. The difference is that LUKS uses a metadata header and can hence offer more features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage.
This man page is so well written that it ranks in the top three of the man pages I have seen.
/home/tong/bin [[email protected]] [:]> man cryptsetup
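The visible metadata header that the man page mentions can be inspected directly. The following is an added example, not part of the original post or of cryptsetup: it parses the LUKS1 header fields from the first bytes of a device image, and returns None when no header is present (as with plain dm-crypt). The function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header fields up to the UUID (big-endian), 208 bytes in total:
# magic, version, cipher name, cipher mode, hash spec, payload offset,
# key bytes, master-key digest, digest salt, digest iterations, UUID.
LUKS1_FMT = ">6sH32s32s32sII20s32sI40s"


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect_header(data):
    """Classify the first bytes of a block device or image.

    Returns a dict for a LUKS volume, or None when no LUKS magic is found
    (plain dm-crypt, an unencrypted file system and random data all look
    the same to this check)."""
    if len(data) < 8 or data[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", data[6:8])[0]
    info = {"format": "LUKS", "version": version}
    if version == 1 and len(data) >= struct.calcsize(LUKS1_FMT):
        (_, _, cipher, mode, hash_spec, payload_offset, key_bytes,
         _digest, _salt, iterations, uuid) = struct.unpack_from(LUKS1_FMT, data)
        info.update(cipher=_text(cipher), mode=_text(mode),
                    hash=_text(hash_spec),
                    payload_offset_sectors=payload_offset,
                    key_bits=key_bytes * 8, mk_iterations=iterations,
                    uuid=_text(uuid))
    return info


def build_sample_luks1():
    """Constructed sample header (not taken from a real disk)."""
    return struct.pack(LUKS1_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64",
                       b"sha256", 4096, 32, bytes(20), bytes(32), 100000,
                       b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    print(inspect_header(build_sample_luks1()))
    print(inspect_header(bytes(512)))  # no header found: prints None
```

On a real system the same bytes could be read from the start of the partition (root required); cipher, mode, hash and UUID are all stored in the clear, which is what "the header is visible" means.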
One: First, set up a virtual machine for experiments:
0.0. 0.0:11 -M 1g-drive file=disk.qcow2,if=virtio-net bridge-net nic,model=virtio- CDROM. /iso/archlinux-2017.05. on
Two: Encrypt a non-root partition
1. Format the LUKS partition
~ # cryptsetup luksFormat /dev/vda
WARNING!
========
This will overwrite data on /dev/vda irrevocably.
Are you sure?
You can append a key file argument at the end; the contents of the key file are then used as the passphrase.
2. Open the encrypted partition (decrypt)
[Email protected] ~ # cryptsetup open/dev/ for/dev/~ # ll/dev/mapper/1 7 June 1:/dev/mapper/vd_root . /dm-0
3. Create the file system
~ # mkfs.xfs /dev/mapper/vd_root
4. Mount and use
~ # mount /dev/mapper/vd_root mnt
~ # ll
total 9
-rw-r--r-- 1 root root 8864 May 1 -:Geneva INSTALL.TXT
drwxr-xr-x 2 root root 6 June 2 on: About mnt
~ # cd mnt
~/mnt # ll
total 0
~/mnt # touch 123
~/mnt # touch txt
~/mnt # vim txt
~/mnt # cat txt
123456
~/mnt # ls
123 txt
~/mnt # ll
total 4
-rw-r--r-- 1 root root 0 June 2 on: $ 123
-rw-r--r-- 1 root root 7 June 2 on: $ txt
~/mnt # cd ..
5. Unmount and close
[Email protected] ~~ ~ # ll/dev/0crw1236 June 1:
Three: Encrypt the whole system
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
There are various approaches, including boot partition encryption and so on. There is a lot of material.
Boot partition and MBR encryption: https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Securing_the_unencrypted_boot_partition
chkboot (checks whether the partition has been changed?)
First, I chose the simple approach: creating Btrfs on LUKS. See the Btrfs section of the document above.
For more on Btrfs, see here: http://www.cnblogs.com/hugetong/p/6934247.html
The key pieces of system-wide encryption are the initrd, GRUB, the boot partition, and the kernel.
Partitioning is no different from the non-root case and is not described again.
[Cipher] [ArchLinux] [Disk Encryption] [Btrfs] Disk partition encryption + Btrfs