Linux full disk encryption with key on USB flash drive?

V

vanilich2016-08-12 00:28:28

linux

vanilich, 2016-08-12 00:28:28

The task arose: to completely encrypt the disk so that its contents could not be distinguished from random data. The bootloader and key, in this case, must be located on the flash drive. On Linux, especially cryptsetup is not very selenium, so I would be grateful to give at least a search vector in which one could find worthwhile (up-to-date) information.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

nirvimel, 2016-08-12
@nirvimel

There are a bunch of guides on the web.
For example, this is quite good. Using Btrfs is, of course, optional. Actually, the whole point is concentrated in the lines added to /etc/mkinitcpio.conf and this line

GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-label/SCOTTY:root:allow-discards cryptkey=/dev/disk/by-label/ISO:ext4:/<path/to/keyfile/on/flash drive>"

added to /boot/grub/grub.cfg (more precisely, to /etc/default/grub, from which it is generated). It is important to point out here that SCOTTY is the label of the volume being encrypted, and ISO is the label of the flash drive (and not the FS type).