Questions tagged [luks]
LUKS stands for Linux Unified Key Setup, a disk-encryption specification. (It does not refer to Rodopi Luks cigarettes!)
301
questions
0
votes
1
answer
84
views
Managing LUKS encrypted swap files/volumes. Manual mounting on remote dedicated servers, boot behavior, and fstab settings
I would like to setup an as simple as possible encryption at rest solution for a remote dedicated server. The host I am using will provide physical disks and there is no off the shelf solution for ...
- 101
1
vote
0
answers
54
views
Recover damaged & luks-encrypted BTRFS partition
Here's my problem:
I have a Virtual Machine that I had to reset because the UI became very buggy after I tried to mount a hot-pluggable virtual disk image to copy some files.
Well that was actually ...
4
votes
1
answer
389
views
Is there a way to move a LUKS-encrypted btrfs volume to the right?
I want to move a LUKS-encrypted btrfs volume to the right. GParted is telling me it knows how to move the LUKS layer to the right, but it doesn’t know how to move the btrfs layer to the right. Can I ...
- 1,317
0
votes
3
answers
199
views
Hard time understanding LUKS encryption
I'm reading and studying for my LPI-1 exam, when I came across LUKS for disk encryption. I found it super cool and went to try it on my home lab, in my Debian machine. Installed everything, encrypted ...
2
votes
1
answer
501
views
How to permanently delete a LUKS encrypted partition?
I have been using a LUKS encrypted partition as my /home directory on Manjaro. However, as I have to resize and move a few of my disk partitions, I would like to get rid of it. On Manjaro, I have ...
- 31
0
votes
1
answer
108
views
Converting Linux partition to crypto_LUKS
I'm currently working on RHEL 8.9 and attempting to harden a VM of mine, and looking into applying the crypto_LUKS encryption to my active partitions. When I check my partitions using the blkid ...
- 1
0
votes
1
answer
126
views
Booting a LUKS-encrypted drive with a flash drive, falling back to keyboard
I have some systems configured using GRUB as my bootloader, with an unencrypted boot partition and everything else using LVM-on-LUKS. Right now, the only way to unlock the system is for me to ...
- 612
0
votes
0
answers
33
views
Can I dd from one opened luks container to another?
I want to migrate my encrypted data from one drive to another. Both source and target should be encrypted. I've read in some other question, that I should create a new container, so that the superkey ...
- 101
0
votes
0
answers
78
views
Reducing the size of a LVM on LUKS generated warnings
Hi I have been following this helpful guide (https://wiki.archlinux.org/title/Resizing_LVM-on-LUKS) on how to reduce the size of my filesystem and partitions to generate roughly 100G of free space on ...
0
votes
0
answers
38
views
No completly encrypt and mount LVM during boot after update to bookworm
few day ago I update system and then problems begin to happen.
During boot I were thrown to initramfs (no drive found), so only option to continue is to do command below:
cryptsetup luksOpen /dev/...
- 1
1
vote
2
answers
197
views
LUKS container gone due to Windows partition
I plugged a HDD with a LUKS container on it into Windows and opened the Disk Manager. A dialog appeared where I clicked "Format as GPT", not knowing what I was doing. Apparently Windows wasn'...
- 111
1
vote
1
answer
127
views
How can I recover 2 LUKS2 partitions formatted by mistake?
I wanted to install a new Linux distro so I deleted the previous partitions used for Fedora install at the beginning of the disk ~120 Gb and I had the rest of the 2/3 of the disk compose out of 2 ...
- 11
1
vote
1
answer
41
views
write() syscall on LUKS partitions
To my understanding, when the write() syscall is called, it writes the data to the OS buffer then returns. My question, in LUKS partition context, are:
Does write() encrypt data then write to OS ...
- 13
0
votes
0
answers
227
views
How to encrypt with LUKS a live Ubuntu usb stick that has been customized with Cubic?
I'm using Cubic (https://github.com/PJ-Singh-001/Cubic) to create a custom Ubuntu. So far so good, everything is going smoothly.
However, I would like to encrypt the USB stick that contains my custom ...
- 101
1
vote
1
answer
856
views
Mount a LUKS partition without manually supplying a passphrase
I'd like to add a LUKS partition to a remote VPS. However, the VPS must automatically re-boot itself occasionally (about every 10 to 14 days) because it auto-installs security updates. Is this ...
- 125
0
votes
0
answers
65
views
Why has my LUKS volume started showing that it has an unexpected second partition?
I have 3 disks:
/dev/sdb is a 2TB HDD
/dev/sdc is a 1TB HDD
/dev/sdd is a 1TB HDD
I used cryptsetup to format these 3 drives with LUKS. I then created a BTRFS raid1 volume using the 3 devices.
As ...
- 1
0
votes
0
answers
249
views
Unable to unlock luks from crypttab or key-file
My home is stored in a luks partiton whose passphrase is stored on a usb key.
I have been using this setup for a few years and my home usually unlocks itself at boot from the following crypttab :
user@...
- 111
2
votes
1
answer
1k
views
LUKS encryption using passphrase + TPM
I have questions about secure boot and TPMs and I couldn’t find precise answers on the web, so I’m hoping someone skilled in this domain will be able to answer.
In a case of an evil maid attack, what ...
- 31
0
votes
0
answers
116
views
Compacting VHDX containing LUKS encrypted partition
I simply cannot convince my VHDX to compact. It's the boot drive for a Ubuntu VM in Hyper-V, and the system partition is encrypted with LUKS.
What I've tried is attaching the VHDX to an entirely new ...
- 101
1
vote
1
answer
488
views
debian installer doesnt allow for specific LUKS combination of multiple drives
so i have these 3 drives in my PC:
/dev/sda 240GB SSD Sandisk SSDSDA240G
/dev/sdb 1TB HDD WDC WD10EZEX-08WN4A0
/dev/sdc 2TB SSD TS2TSSD230S
i want to install Debian Bookworm (12) on /dev/sda. my plan ...
anon
1
vote
0
answers
816
views
Reset password of an unlocked LUKS encrypted drive
I have a machine running Pop!_OS 22.04 LTS, with an encrypted drive using LUKS encryption.
The machine is running and the drive is unlocked. However, I forgot the passphrase to the drive.
I tried ...
- 111
1
vote
1
answer
1k
views
How can I authenticate LUKS encryption, on boot, with Yubikey, on KDE Neon 5.27?
I have a LUKS encrypted drive on Kdeo Neon 5.27. The LUKS password is long and tedious to type in. Given how much KDE reboots, I'm tired of typing in my password so I bought a Yubikey to speed up the ...
- 121
1
vote
0
answers
459
views
When mounting luks-encrypted disk-containers remotely, how to recover from loss of connection?
I keep sensitive data encrypted via luks, in container files. Those files are usually stored remotely (SMB, sshfs etc).
So my current workflow is as follows:
sudo mount $remoteshare /mnt
sudo ...
- 11
0
votes
1
answer
150
views
Linux booting only sometimes
I used a Notebook with a proper working MX Linux installation (LUKS encrypted disk, GRUB bootloader). This Notebook died, but i could get hands on the exact same model and hardware configuration.
So i ...
- 370
3
votes
1
answer
343
views
Repartition luks encrypted disk to add a partition
I have installed Debian on VMware, I think I chose one of the debian-installer options to manage luks encryption and LVM partitions with separate /home, /var and /tmp partitions.
Here is the output of ...
- 135
1
vote
1
answer
285
views
Is there a UDEV rule to detect decrypted and mounted LUKS partition?
I have a LUKS partition on an external hard drive. When I plug it in, Ubuntu 22.04 automatically decrypts the partition and mounts it, since I saved the passphrase to the keyring. I would like to run ...
- 957
0
votes
1
answer
794
views
`cryptsetup open` fails with correct passphrase - "No key available with this passphrase."
I recently ran (essentially) rm -rf / --no-preserve-root on my LUKS encrypted BTRFS root filesystem. I'm trying to mount the drive from an endeavouros (arch) liveusb, without success.
I created a ...
1
vote
1
answer
524
views
Linux, SSD, TRIM - Not working? (hdparm, Samsung)
MY SSD is working but TRIM may not be.
I'm running Fedora 36 with BTRFS. I installed a Samsung SSD 980 PRO 2TB SSD firmware version 5B2QGXA7 as a secondary drive that does not auto mount, as intended. ...
- 353
0
votes
0
answers
109
views
Can I force Linux to write data at the start of a file system?
TLDR;
Is there a command to force Linux to write a file (for example a PDF file, MP3, anything really) at the start of a file system ? I don't thing that # dd does the trick, because the inode table ...
- 273
1
vote
0
answers
209
views
Is luksChangeKey trustworthy on SSD (due to wear leveling)
The LUKS key which I use to secure my SSD was recently compromised, but I'm questioning how effective it would be to change the key, because the LUKS header might not be overwritten. In fact, I wonder ...
user1782876
1
vote
0
answers
303
views
Clone LUKS encrypted SSD to NVME (slightly different size)
I bought a same sized NVME as my previous SSD to clone it.
I mean I thought they were of the same size. Both are supposed to be 1 TB discs.
I did:
sudo dd if=/dev/sda of=/dev/nvme1n1 bs=64K conv=sync,...
- 23
1
vote
0
answers
339
views
Clonezilla error creating image from encrypted SSD: LUKS header file not found
I'm trying to create a full-disk image with Clonezilla alternative stable - 20221103-kinetic (Ubuntu-based) of my Dell XPS 15 7590. The notebook has only Ubuntu 22.04, standard partitioning.
The disk ...
0
votes
0
answers
173
views
Corrupted Drives While Copying Large Files Between LUKS Partitions
I'm currently in the process of backing up a few terrabytes of files from one drive to another. (both LUKS encrypted HDDs)
Unfortunately, after some time I always end up with readonly filesystem ...
- 141
2
votes
0
answers
1k
views
repair boot with encrypted partitions
I am trying to repair my system boot with boot-repair.
I used to have a dual boot with Windows and Ubuntu and installed Manjaro alongside.
Unfortunately, Windows does no longer show in the boot menu.
...
- 159
0
votes
2
answers
2k
views
How to recover accidentily deleted LUKS partition table?
The problem
I've accidently deleted a LUKS partition by pressing the red button in the bottom right corner on one of my external hard drives.
Now it just says "Free Space":
The files are ...
- 141
1
vote
0
answers
267
views
LUKS2 master passphrase in kernel keyring: Token unusable error
I'm trying to follow the documentation on how to pass a key to LUKSv2 via the kernel key ring: https://fossies.org/linux/cryptsetup/docs/Keyring.txt
This does not work for me at all:
# dd if=/dev/zero ...
0
votes
0
answers
76
views
Logging in with a secondary encrypted luks drive
I added another drive in my Debian machine and also encrypted it using Luks. So using the following instruction from this site, I got it to work. My question, however is that I thought that in my ...
- 137
1
vote
0
answers
771
views
Grub does not load on boot after transfer of SSD drive to another laptop
I got two laptops of the same make and model, laptop Alpha and laptop Beta. Alpha runs a LUKS encrypted LVM of linux and is partitioned into three parts: Grub, swap, and the encrypted drive. It's been ...
- 31
1
vote
1
answer
1k
views
Other ways to login and decrypt LUKS volumen when dropbear-initramfs is installed
I'm new to this site and after searching for a couple of hours already, I couldn't find a similar topic or figure out a solution, so I'm going to ask here.
I have setup a new remote server with Ubuntu ...
- 13
1
vote
0
answers
296
views
How to delete a debian luks swap partition properly?
There is the post Removing the swap partition from a LUKS encrypted SSDD but it's tagged as linux mint.
Because of the fact that update-initramfs (a debian tool) reports an error my problem is related ...
- 1,250
0
votes
1
answer
1k
views
Extending encrypted partition (LVM, LUKS)
I'm running a dual boot (Win 10 Pro, Ubuntu 20.04) system on a single NVMe harddisk. Linux contains one encrypted root partition, an encrypted boot partition and a swap partition. As the root ...
- 1
0
votes
0
answers
486
views
LUKS encrypted disk with pop_os installed booting into initramfs
I've purchased a new SSD and created partitions for root, home, swap and boot. I've encrypted root, home and swap using LUKS following the directions at https://www.ibm.com/docs/en/order-management-sw/...
- 101
1
vote
1
answer
1k
views
Is there any vulnerability if I encrypt disk with LUKS and TPM without specifying pcr_ids?
According to many tutorials on the internet, the process of adding a TPM-stored key to LUKS is to run clevis luks bind -d /dev/sda1 tpm2 '{"pcr_ids": "7"}', but I received the ...
- 153
0
votes
1
answer
202
views
Unsure if I encrypted external HDD correctly with LUKS
I followed the instruction from this page.
I was unable to encrypt the the disk, but was able to encrypt its partition. I don't if it was the correct thing to do, but i did it anyway because it's not ...
0
votes
1
answer
591
views
In a new rocky9 vm, LVM2 does NOT see the newly attached PVs under LUKS
In a new rocky9 vm, LVM2 does NOT see the newly attached PVs under LUKS.
===
The end goal is to migrate a simple "repo" server (that holds iso files) from centos8 to rocky9.
I have a freshly ...
- 11
0
votes
1
answer
200
views
Secure LUKS keyfile in root partition
I have 10 virtual machines with elasticsearch on VMware and compliance said that i should encrypt data volumes, the disk based encryption will be enough for compliance
i want to use keyfile to ...
- 1
0
votes
1
answer
156
views
SUDO asks for "Encryption passphrase" on new setup with LUKS
SUDO keeps asking for Encryption passphrase on my latest setup. I'm not sure what encryption the passphrase is for, except that I suspect that it is related to LUKS encryption. Also I noted it doesn't ...
- 101
0
votes
0
answers
1k
views
Automatic unlock of LUKS external data drive when plugged in
I have set up LUKS for an external USB HDD with two protectors: a passphrase and a file key. I would like to automatically both unlock the drive and automount when the drive is plugged in.
I've set up ...
- 457
1
vote
0
answers
1k
views
Installing two identical Linux systems with full disk encryption alongside each other - second one overwrites EFI entries
Disclaimer: I've seen a few similar posts online, answers to which suggested that reinstalling grub might help. I tried it (see below), but for me the issue is still unresolved.
I wanted to set up two ...
- 161
1
vote
1
answer
4k
views
LUKS with separate /home within encrypted volume
First time using full disk encryption with LUKS. Sorry for a lot of novice questions.
Before using full disk encryption, I used to have separate partitions /boot, /, home which allow to to reinstall ...
- 233