You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
892 B
31 lines
892 B
# HOWTO add encrypted drive to an existing system.
|
|
|
|
exit 0
|
|
|
|
# XXX Change device names as appropriate
|
|
fdisk /dev/nvme1n1
|
|
# Make gpt partition
|
|
# Make linux parition full disk size
|
|
|
|
# --hash, --cipher --key-size, --key-slot --label
|
|
cryptsetup luksFormat /dev/nvme1n1p1
|
|
# or like:
|
|
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1
|
|
|
|
# "devel: (arbitrary name) is named now:
|
|
cryptsetup luksOpen /dev/nvme1n1p1 devel
|
|
# Format drive:
|
|
mkfs.ext4 /dev/mapper/devel
|
|
|
|
# Add to /etc/crypttab:
|
|
devel UUID=00000000-0000-0000-0000-000000000000 none luks
|
|
|
|
# Add to /etc/fstab:
|
|
# Note this UUID is not the same as the UUID in the crypttab
|
|
UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4 defaults 0 2
|
|
|
|
# To change password:
|
|
cryptsetup -y luksAddKey /dev/nvme1n1p1
|
|
cryptsetup luksRemoveKey /dev/nvme1n1p1
|
|
|