#format wiki
#language en
= Linux Disk Encryption =
 * Links [[ecrypt]] , [[[https://blobfolio.com/2018/replace-grub2-with-systemd-boot-on-ubuntu-18-04/|2018-systemd-boot]]
 * Options
   * Ontop of mounted disk, e.g. homedrive or loop module
   * Full disk, key entered at bootup
      * http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/
      * http://nyeggen.com/blog/2014/04/05/full-disk-encryption-with-btrfs-and-multiple-drives-in-ubuntu/
      * http://roosbertl.blogspot.com/2012/12/centos6-disk-encryption-with-remote.html
   * Only partial.
   * Single loopback file e.g. luks.
   * Multi disk layered
     1. disks -> lvm -> encryption -> fs
     1. disks -> individual encrypted -> combined (lvm/btrfs)

 * Ideal would be to have encryption built into BTRFS so we can easily span multiple disk.

 * # cryptsetup -y -v luksFormat /dev/xvdc

...
----
CategoryLinux CategorySecurity