Linux whole data disk encryption

This post gives the main steps to achieve full data disk encryption. The disk password will be required during boot time. You will need the device name of the disk to perform this procedure. MAKE SURE YOU HAVE THE RIGHT DEVICE NAME. OTHERWISE, YOU WILL LOSE DATA!!! We will use the device /dev/sdz below. This procedure is valid only for data disks.

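  1. It is recommended that you wipe the device before encrypting it. This step is optional. Note that wipefs -a removes the existing filesystem and partition-table signatures; it does not overwrite the data itself.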
    sudo wipefs -a /dev/sdz
  2. Encrypt the disk
    sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdz
  3. Open the device
    sudo cryptsetup open /dev/sdz sdz
  4. Create the file system. DiskLabel can be anything. It should describe the content of the disk.
    sudo mkfs.ext4 -m 0 -L DiskLabel /dev/mapper/sdz
  5. Mount the partition to test it.
    sudo mount /dev/mapper/sdz /mnt
  6. Unmount the partition
    sudo umount /mnt
  7. Close the disk
    sudo cryptsetup close sdz
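
One way to check the device name before running step 2, as an added example that is not part of the original post. The function names check_lsblk and preflight are hypothetical, and the lsblk lines at the bottom are constructed sample input so the script runs without touching a real disk.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to luksFormat the wrong disk.
# check_lsblk reads `lsblk -P -n -o NAME,TYPE,FSTYPE,MOUNTPOINT <device>` output
# on stdin, prints one line per problem, and returns 0 only if the device is an
# empty, unmounted whole disk.
check_lsblk() {
    awk '
    # Return the value of KEY="value" from the current lsblk --pairs line.
    function field(key,    line, re) {
        line = " " $0                  # leading space so TYPE never matches FSTYPE
        re = " " key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    { name = field("NAME"); type = field("TYPE")
      fs = field("FSTYPE"); mnt = field("MOUNTPOINT") }
    # The first line is the device itself; later lines are partitions or mappings.
    NR == 1 && type != "disk" { print name ": not a whole disk (type " type ")"; bad = 1 }
    # A signature such as ext4 or crypto_LUKS means the disk already holds data.
    NR == 1 && fs != ""       { print name ": existing " fs " signature"; bad = 1 }
    NR > 1                    { print name ": child device (" type ") would be destroyed"; bad = 1 }
    mnt != ""                 { print name ": mounted on " mnt; bad = 1 }
    END { if (NR == 0) { print "device not found"; bad = 1 }
          exit bad + 0 }
    '
}

# Hypothetical wrapper for a real device, e.g. `preflight /dev/sdz`.
preflight() {
    lsblk -P -n -o NAME,TYPE,FSTYPE,MOUNTPOINT "$1" | check_lsblk
}

# Constructed sample lsblk output: a blank data disk and a disk holding the system.
SAMPLE_EMPTY='NAME="sdz" TYPE="disk" FSTYPE="" MOUNTPOINT=""'
SAMPLE_SYSTEM='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
NAME="sda2" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"'

printf '%s\n' "$SAMPLE_EMPTY" | check_lsblk && echo "sdz: safe to format"
printf '%s\n' "$SAMPLE_SYSTEM" | check_lsblk || echo "sda: refused"
```

A disk that has already been through step 2 reports a crypto_LUKS signature and is refused, which prevents formatting an encrypted disk a second time by mistake.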

Follow these steps to open the disk and mount the partition. They assume that the device name is /dev/sdz.

  1. Open the encrypted disk. Note that the last parameter is the mapping name and may be any string; the opened device then appears under /dev/mapper with that name.
    sudo cryptsetup open /dev/sdz sdz
  2. Mount the partition on the /mnt mount point. The mount point can be any empty directory.
    sudo mount /dev/mapper/sdz /mnt

Follow these steps to unmount the partition and close the disk. They assume that the disk was mounted using the steps above.

  1. Unmount the partition, assuming it was mounted on /mnt.
    sudo umount /mnt
  2. Close the disk
    sudo cryptsetup close sdz
