Questions tagged [disk-encryption]
The disk-encryption tag has no summary.
318 questions
4
votes
1
answer
334
views
LUKS keyslot damaged?
I have two LUKS-encrypted SSDs in my laptop: one is the system SSD (nvme0n1), which contains my Home folder encrypted with eCryptfs, and the other is a Data SSD (nvme1n1), which is fully LUKS-...
- 41
4
votes
1
answer
586
views
Is encrypting the login keyring necessary if you have full disk encryption?
For laptops with fingerprint sensors, logging in using fingerprints does not unlock the login keyring because it needs the password (usually set to be the same as the user password). I am considering ...
- 831
1
vote
1
answer
85
views
Can a LUKS volume on a USB drive be opened at boot?
I have a new install of Debian 13 with a LUKS-encrypted hard drive (/dev/sda) with LVM. I am trying to add another encrypted drive to the LVM volume group as a new physical drive. For this, I am ...
- 371
-1
votes
1
answer
102
views
Is the following way of encrypting hard drive using file encryption safe?
Assuming that I want to encrypt/decrypt a hard drive corresponding to /dev/sdX, the following is the procedure I have for doing so:
Encryption:
Write the hard drive's data into a file (e.g. ./tmp), ...
- 71
0
votes
0
answers
63
views
How to automount eCryptfs volume at boot (without login)?
We have two servers. Application sever A and NFS file server B. Server B is shared among multiple various applications and it's generic NFS storage host that we don't have access to and it's corporate ...
- 1,363
0
votes
0
answers
81
views
Remotely boot a PC running Ubuntu 24+ using an encrypted hard drive
I am running Ubuntu server 24+ and desktop and also Kubuntu 24+ and I installed all of them using the encryption option. Now, every time I turn on one of those machines I need to personally enter the ...
2
votes
1
answer
243
views
Unable to unlock encrypted drive on Kali Linux installation
A friend of mine had someone install Kali on his Lenovo thinkpad. He provided the username and password which I believe is for logging into the system. The only issue is that I think he encrypted the ...
- 21
0
votes
2
answers
208
views
how to create a two encrypted partitions out of a 1tb SSD drive?
i recently bought a new laptop an HP Essentials Business Laptop seen on Amazon as: HP Essential Business Laptop, 17.3" FHD Display, Intel Core i5-1334U, 32GB RAM, 1TB PCIe M.2 SSD, Wi-Fi 6, ...
- 161
0
votes
0
answers
71
views
How to only suppress warning outputs from cryptsetup?
In Linux in Bash i run a script with some cryptsetup calls like
--luks2-metadata-size=16k --luks2-keyslots-size=256k .... luksFormat ....
that brings Warning outputs.
I know and understand, but i ...
- 539
1
vote
1
answer
64
views
Does dm-crypt waste device space?
That is, when a device-mapping is created manually with the dm-crypt target, is the resulting device smaller than the backing device?
What is the missing space used for?
Will the answer change ...
- 149
0
votes
0
answers
108
views
Converting LUKS to LUKS2 breaks password
I've got a system with LUKS partitions. I'd like to convert them to LUKS2 to see if I can simplify my setup using partition labels.
When I run cryptsetup convert <partitionNode> --type LUKS2 it ...
- 857
0
votes
1
answer
73
views
Data Recover from Encrypted LUKS Partition | Missing Files
I have been having some issue unmounting my encrypted drive recently. This lead to it being forceably removed instead of ejected.
It appears to have some done some damage to the drive as, although I ...
- 111
1
vote
1
answer
390
views
Minimizing the size of the LUKS Header
With cryptsetup I will create some LUKS encrypted files with detached header. In the files I will write once and read repeatedly. I do not need to change any key.
How can the size of the header be ...
- 539
0
votes
0
answers
155
views
what is the smallest possible size when creating a luks2 header
What is the smallest possible size when creating a luks2 header?
How to create one under 16 Mib?
- 539
1
vote
2
answers
548
views
How to open an USB's encrypted /boot automatically
My situation is a bit unique:
The scenario ~
I have successfully encrypted my root partition and boot partitions. My boot partition lies on my usb along with the /boot/efi on a separate unencrypted ...
- 11
0
votes
1
answer
381
views
ZFS: Keyformat required for new encryption root
I am trying to create a filesystem in ZFS with the following command:
zfs create -o compression=on -o recordsize=1M -o encryption=on pool/dataset
I am unable to do so, since I receive the following ...
- 101
0
votes
1
answer
397
views
ZFS error for load-key
I've tried everything I know until I'm exhausted. Please, if you can help me, I need to access my project stored on my hard drive.
The command I used:
sudo zfs load-key rpool/ROOT/ubuntu_uy913x
And ...
- 41
1
vote
1
answer
2k
views
Unable to mount encrypted ZFS filesystem after reboot
Key load error: Failed to open key material file: Input/Output Error.
Command: `mount -o zfsutil -t zfs rpool/ROOT/ubuntu_uy913 /root/`.
Message: `zfs_mount_at() failed: encryption key not loaded`.
`...
- 41
0
votes
1
answer
285
views
Ext4 filesystem in LUKS container - container size calculation
On my Linux system I have a file "1gb.file" that is 1073741824 bytes in size.
This file I'll put into a LUKS container ("1gb.file.crypt") with ext4 filesystem inside.
What size ...
- 539
1
vote
0
answers
93
views
Security implications of avoiding extra password prompt in /boot encryption? Do GRUB and Linux compare against the same hash?
I am following this guide on full disk encryption, including /boot. Section 4 involves placing a key that can decrypt /boot and / into the initramfs image contained in /boot, so that once you unlock /...
- 105
0
votes
2
answers
192
views
How to make the key slot to unlock at GRUB stage to be the first active one?
I am following the Debian dev's guide to full disk encryption to secure an Ubuntu machine and I am confused at section 3. It states:
Note: cryptomount lacks an option to specify the key slot index to ...
- 105
0
votes
1
answer
1k
views
GRUB password seems useless, so why even bother?
My system has full disk encryption except for /boot. I've set a GRUB password by following this post, but then was able to disable it by booting into Kali Live and running:
mkdir /mnt/dev/sda2
sudo ...
- 105
3
votes
2
answers
876
views
How to create an encrypted RAM-disk as a regular user?
Is it possible to create an encrypted RAM-disk as a regular user (without requiring sudo). (with FUSE or similar tools)?
Note that the use-case here is to edit sensitive data, there are of course in-...
- 1,481
1
vote
1
answer
211
views
What is correct cipher name for the cryptsetup to use HCTR2 wideblock encryption?
By googling, trial and error I came up with the following string:
cryptsetup benchmark -c aes-xctr-plain64
but I'm not sure whether it is correct.
The cipher spec aes-xctr-plain64,polyval-generic ...
- 153
2
votes
1
answer
130
views
Is there any e4crypt kernel side documentation?
I'm trying to understand e4crypt and fscrypt, and also how they differ. But it is hard to find documentation on e4crypt other than the command line tool man page and some old tutorials.
Is there any ...
- 1,451
0
votes
0
answers
379
views
How do you decrypt an f2fs partition?
I have got an encrypted f2fs image, I know the password, I'm able to mount it via sudo mount -t f2fs mmcblk0p64.img /mnt/mmcblk0p64 so it doesn't appear broken or anything, and f2fscrypt recognizes ...
- 401
1
vote
1
answer
151
views
How to create a dm-crypt block device in /dev/mapper without wiping it?
I can create a dm-crypt filesystem with:
root@smarcimx8mq4g:~# cat /data/caam/randomkey | keyctl padd logon logkey: @s
731358804
root@smarcimx8mq4g:~# dmsetup -v create encrypted --table "0 $(...
- 1,133
0
votes
0
answers
411
views
Issues encrypting root partition with Luks
I was given a "golden image" of an out of date production server and was instructed to update and harden the OS for production delivery. The issue I am running into is that LUKS. I am using ...
- 1
1
vote
1
answer
420
views
ZFS remove password
I have an encrypted ZFS partition, but I'd like to remove the password not to type any password when booting. Is it possible, ideally without decrypting each file one by one? For instance what happens ...
- 4,701
1
vote
0
answers
75
views
Accesing encrypted HDD after reinstalling OS (Linux)
I have two drive on my PC:
SSD
HDD
OS (Debian) was installed on SSD. HDD was formatted and encrypted from Gnome Disks from installed OS.
In Gnome Disks information about HDD looks like:
Now I need ...
- 113
0
votes
0
answers
129
views
encrypting a remote VPS, and letting it boot without entering a password
I Have rented a VPS and I want to encrypt it's data, at least on the /home directory, because I don't want the owners of the VPS to have a look at the content of my data.
But the server already has ...
1
vote
1
answer
417
views
erase hardware-encrypted SSD
Disclaimer
I'm not robbing someone, didn't rob someone in the past and don't plan to do so anytime soon.
Situation
Imagine I own a Samsung 2.5" SSD (850, 860 or the like) which is encrypted.
If ...
- 23
3
votes
1
answer
1k
views
LUKS password correct, but not accepted
I am attempting to install Kali on a laptop, which should normally be straightforward. However, on this particular device, the Kali installer errors upon writing the partition changes to disk for some ...
- 531
0
votes
1
answer
62
views
Deleted LUKS Disk
I had a dual-boot laptop setup with an encrypted BIOS. I then removed my Manjaro installation and deleted all of the partitions, including the Manjaro partition, which included my LUKS disk. When I ...
user594163
0
votes
1
answer
414
views
Is it risky to use hibernation in Ubuntu?
I've read that hibernation often causes trouble in Linux environments, e.g. system fails to wake-up or freezes and sometimes even refuses booting after reset. I really like the idea of hibernating the ...
- 143
1
vote
1
answer
841
views
How to configure waiting time for LUKS password
My /home partition (on Linux Debian testing) is encrypted with LUKS.
$ mount|grep home
/dev/mapper/home-crypt on /home type ext4 (rw,relatime)
Configuration via /etc/crypttab:
home-crypt UUID=...
- 233
1
vote
1
answer
254
views
LUKS Encryption - Readable content
In LUKS, only files get encrypted, not the entire drive.
So my question is, what is accessible if just files are encrypted. For example:
Are file paths or file names visible? (Eg: For Enrypted ZIP ...
0
votes
0
answers
3k
views
Full disk encryption (and decrypt on boot) for existing Debian installation (bookworm)
I have an existing Debian system and there is a need to encrypt the disk at rest. Searching online (and here) I see that the only way to do it is to do a fresh installation, this time with LUKS on. I ...
- 378
0
votes
0
answers
259
views
How to recover data off of a broken linux system with full-disk encryption
I am running Manjaro. I have it set up with full-disk encryption through LUKS. Booting up my computer I noticed some things were weird, like some of my settings had reverted to their default. I tried ...
- 23
1
vote
1
answer
195
views
How to create an entire backup of a disk to fall back to before performing a dist-upgrade?
I am preparing a dist-upgrade. Before I do that I want to make a backup of my entire disk so that even if the upgrade fails I can fall back to a backup. I have two SSDs, /dev/nvme0n1 which is the ...
- 11
1
vote
1
answer
159
views
Does LUKS disk encyption break SLC caching on QLC/TLC SSDs?
It seems that modern SSDs degrade in performance the more data they are holding.
My understanding is that this is because manufacturers put less and less storage cells on the SSDs relative to their ...
- 1,191
1
vote
2
answers
1k
views
Check if a block device is Bitlocker encrypted
Ubuntu 22.04 can decrypt and read a BitLocker-encrypted device/partition without a need of installing any additional software (older releases can as well, perhaps, but I have not seen it)
How can a ...
- 111
2
votes
1
answer
1k
views
Does the UUID of a LUKS partition change after re-encryption?
I want to re-encrypt a system and swap partitions on EndeavourOS. The issue is that in many files (crypttab, mikinicpio, fstab, etc) the exact UUID of the LUKS partition is built in, meaning I would ...
user549014
4
votes
1
answer
3k
views
Second disk encryption using LUKS
I'm looking for a clear tutorial on how to do this but I'm encountering insufficient information everywhere.
Namely, I have a laptop with the following disk configuration:
Drive one has Fedora 38 ...
- 41
0
votes
1
answer
104
views
Why would the firefox of my running system automatically open files from an external USB drive that used to be the boot-drive of another system?
I have an SSD that another laptop was booting from (before the other hardware in that laptop failed)
but now I'm using it in one of those little SATA enclosure shell adapter things
in order to access ...
- 23
2
votes
1
answer
2k
views
How to increase the size of a LUKS file-container
There are many tips on how to resize (increase) a LUKS2 encrypted device / partition / LVM volume. But how to increase the size of the LUKS container created in the file?
I once created:
dd if=/dev/...
- 177
9
votes
1
answer
2k
views
Low performance of encrypted SSD
I have a 128GB Somnambulist SSD. I know this brand is one of the worst. I measured the speed using GNOME Disk Utility, and it showed a read/write speed of 420/340.
After encrypting the SSD with Debian ...
- 432
1
vote
1
answer
549
views
Random wipe free space: dd if=/dev/urandom vs LUKS format-erase, which is more secure, any pitfalls?
The ArchLinux Wiki on dm-crypt advices overwriting new storage devices or partitions with random data before using them for encrypted volumes. There are two ways I have used to achieve this, but I ...
- 11
0
votes
1
answer
540
views
Unable to boot after GRUB_CMDLINE_LINUX="console=tty12"
I changed GRUB_CMDLINE_LINUX="" to GRUB_CMDLINE_LINUX="console=tty12".
My disk is crypted and I need to insert the password, but I don't know how to write over that console and ...
2
votes
1
answer
626
views
Is it possible to check if a LUKS device has been damaged by a foreign person?
Let's assume I lost a LUKS encrypted USB pen drive. I think the file system type (ext4/fat32/...) doesn't play a role. A foreign person finds it. Of course he cannot access my data because he doesn't ...
- 1,022