User Tools

Site Tools


howtos:encrypted_disk_partition

Quick'n'Dirty how to make a LUKS encrypted disk partition.

I'm encrypting the first partition on the disk called hdc.

Make luks device:

cryptsetup -y --cipher aes --key-size 128 luksFormat /dev/hdc1

If you choose to use sha256 instead, you will get something like this:

Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/hdc1 contains at least 133 sectors.

This is because you're using the geode_aes kernel module which only support sha128. You can get it to “eat” a sha256 but you will have to unload geode_aes (sudo rmmod geode_aes) and load the generic aes module (sudo modprobe aes). There is however a speed penalty when doing it like this. I don't know why though, maybe there is some hardware acceleration involved when using the geode_aes module. If you play with Truecrypt you will also see some errors related to this problem. You can probably get it working using a sha128 but I haven't spent time figuring it out.

Open the LUKS:

cryptsetup luksOpen /dev/hdc1 encdisk

Make filesystem:

mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/encdisk

Mount device for use:

mount /dev/mapper/encdisk /share/encrypteddisk01

Unmount device:

umount /share/encrypteddisk01
cryptsetup luksClose encdisk
howtos/encrypted_disk_partition.txt · Last modified: 02/12/2018 20:34 by 127.0.0.1