Difference between revisions of "Linux: Full Disk Encryption"
From fit-PC wiki
(Created page with "== Overview == This guide explains how to make your personal data secure by encrypting your Linux root filesystem using strong cryptography * Linux Unified Key Setup (LUKS) -...") (change visibility) |
(→Overview) (change visibility) |
||
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
− | |||
This guide explains how to make your personal data secure by encrypting your Linux root filesystem using strong cryptography | This guide explains how to make your personal data secure by encrypting your Linux root filesystem using strong cryptography | ||
* Linux Unified Key Setup (LUKS) - is the standard for Linux hard disk encryption | * Linux Unified Key Setup (LUKS) - is the standard for Linux hard disk encryption | ||
* Trusted Platform Module (TPM) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys | * Trusted Platform Module (TPM) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys | ||
The idea is encrypt partition with root filesystem and store the keys in TPM chip. Then, on boot, encrypted partition will be automatically decrypted. | The idea is encrypt partition with root filesystem and store the keys in TPM chip. Then, on boot, encrypted partition will be automatically decrypted. | ||
− | |||
== List of tested devices == | == List of tested devices == |
Revision as of 10:17, 30 June 2019
Overview
This guide explains how to make your personal data secure by encrypting your Linux root filesystem using strong cryptography
- Linux Unified Key Setup (LUKS) - is the standard for Linux hard disk encryption
- Trusted Platform Module (TPM) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys
The idea is encrypt partition with root filesystem and store the keys in TPM chip. Then, on boot, encrypted partition will be automatically decrypted.
List of tested devices
The guide was tested on a system with the specs listed below, but should be easily adaptable.
- Device: fitlet2
- OS: Debian GNU/Linux testing (buster)
- ISO: debian-buster-DI-rc2-amd64-netinst.iso
- Kernel: 4.19.0-5-amd64
- BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
- TPM: Firmware based TPM 2.0 implementation