Difference between revisions of "Linux: Full Disk Encryption"
From fit-PC wiki
(→Overview)
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
− | + | The idea is encrypt partition with root filesystem using LUKS and store the keys in the TPM.<br> | |
− | * Linux Unified Key Setup | + | During boot user does not have to enter a decryption password, partition will be automatically decrypted using the keys from TPM.<br> |
− | * Trusted Platform Module | + | It's a open-source alternative to Windows BitLocker. |
− | + | ||
+ | * LUKS (Linux Unified Key Setup) - is a full volume encryption feature, the standard for Linux hard disk encryption | ||
+ | * TPM (Trusted Platform Module) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys | ||
== List of tested devices == | == List of tested devices == |
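Review bot: The added Overview sentence "partition will be automatically decrypted using the keys from TPM" does not say under what conditions the TPM releases the keys, and a reader evaluating this as a BitLocker alternative needs that to judge what unattended unlock protects against. Please add one sentence stating what the key release is bound to in this setup. Wording nits in the same added lines: "The idea is encrypt" should be "The idea is to encrypt", "It's a open-source" should be "It's an open-source", and "is dedicated micro-controller" needs an article ("is a dedicated").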
Revision as of 11:08, 30 June 2019
Overview
The idea is to encrypt the partition holding the root filesystem with LUKS and store the keys in the TPM.
During boot the user does not have to enter a decryption password; the partition is decrypted automatically using the keys from the TPM.
It's an open-source alternative to Windows BitLocker.
- LUKS (Linux Unified Key Setup) is a full-volume encryption feature, the standard for Linux hard disk encryption
- TPM (Trusted Platform Module) is a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
List of tested devices
The guide was tested on a system with the specs listed below, but should be easily adaptable.
- Device: fitlet2
- OS: Debian GNU/Linux testing (buster)
- ISO: debian-buster-DI-rc2-amd64-netinst.iso
- Kernel: 4.19.0-5-amd64
- BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
- TPM: Firmware based TPM 2.0 implementation