(Redirected from Dm-crypt (Français))
- a transparent disk encryption subsystem in [the] Linux kernel... [It is] implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume.
- /Drive preparation
- Deals with operations like securely erasing the drive and dm-crypt specific points for partitioning it.
- /Device encryption
- Covers how to manually utilize dm-crypt to encrypt a system through the cryptsetup command. It covers examples of the Encryption options with dm-crypt, deals with the creation of keyfiles, LUKS specific commands for key management as well as for Backup and restore.
- /System configuration
- Illustrates how to configure mkinitcpio, the boot loader and the crypttab file when encrypting a system.
- /Swap encryption
- Covers how to add a swap partition to an encrypted system, if required. The swap partition must be encrypted as well to protect any data swapped out by the system. This part details methods without and with suspend-to-disk support.
- Deals with special operations like securing the unencrypted boot partition, using GPG or OpenSSL encrypted keyfiles, a method to boot and unlock via the network, another for setting up discard/TRIM for a SSD, and sections dealing with the encrypt hook and multiple disks.
- /Encrypting a non-root file system
- If you need to encrypt a device that is not used for booting a system, like a partition or a file container.
- /Encrypting an entire system
- If you want to encrypt an entire system, in particular a root partition. Several scenarios are covered, including the use of dm-crypt with the LUKS extension, plain mode encryption and encryption and LVM.