Setting up encrypted volumes with LUKS: Difference between revisions
(Propose deletion) |
WhyNotHugo (talk | contribs) (Add all the basics required to set up LUKS) |
||
| Line 1: | Line 1: | ||
[https://en.wikipedia.org/wiki/Linux%20Unified%20Key%20Setup LUKS] allows encrypting a partition and mapping it as a virtual block device, which can then be used as a normal partition. Guides for other Linux distributions should serve as a general references for installing Alpine onto a LUKS encrypted disk. | |||
The following approaches are known to work: | |||
* Plain LUKS | |||
* [[LVM on LUKS]] | * [[LVM on LUKS]] | ||
There is no reason to assume more exotic setups would fail to work on Alpine. | |||
== mkinitfs and LUKS == | |||
For those familiar with setting up FDE on other Linux distributions, this section contains only Alpine-specific knowledge required is understanding [[mkinitfs]]. | |||
First of all, the <code>cryptsetup</code> feature needs to be added to <code>/etc/mkinitfs/mkinitfs.conf</code>. Additionally, the following kernel parameters are required: | |||
* <code>cryptroot</code> kernel parameter should point to the encrypted block device. | |||
* <code>root</code> kernel parameter should point to the mapped block device (e.g.: the <code>ext4</code>/<code>btrfs</code> volume that is exposed once the encrypted partition is unlocked). | |||
* <code>rootfstype</code>: The filesystem type of the root partition (e.g.: <code>btrfs</code>). | |||
== See also == | |||
* [https://wiki.archlinux.org/index.php/Dm-crypt dm-crypt on ArchWiki] | * [https://wiki.archlinux.org/index.php/Dm-crypt dm-crypt on ArchWiki] | ||
[[Category:Storage]] | [[Category:Storage]] | ||
[[Category:Security]] | [[Category:Security]] | ||
Revision as of 10:32, 7 January 2023
LUKS allows encrypting a partition and mapping it as a virtual block device, which can then be used as a normal partition. Guides for other Linux distributions should serve as a general references for installing Alpine onto a LUKS encrypted disk.
The following approaches are known to work:
- Plain LUKS
- LVM on LUKS
There is no reason to assume more exotic setups would fail to work on Alpine.
mkinitfs and LUKS
For those familiar with setting up FDE on other Linux distributions, this section contains only Alpine-specific knowledge required is understanding mkinitfs.
First of all, the cryptsetup feature needs to be added to /etc/mkinitfs/mkinitfs.conf. Additionally, the following kernel parameters are required:
cryptrootkernel parameter should point to the encrypted block device.rootkernel parameter should point to the mapped block device (e.g.: theext4/btrfsvolume that is exposed once the encrypted partition is unlocked).rootfstype: The filesystem type of the root partition (e.g.:btrfs).