Difference between revisions of "Linux: Full Disk Encryption"

From fit-PC wiki
Revision as of 10:17, 30 June 2019

Overview

This guide explains how to secure your personal data by encrypting your Linux root filesystem with strong cryptography.

  • Linux Unified Key Setup (LUKS): the standard for Linux hard disk encryption
  • Trusted Platform Module (TPM): a dedicated microcontroller designed to secure hardware through integrated cryptographic keys

The idea is to encrypt the partition that holds the root filesystem and store the keys in the TPM chip. Then, on boot, the encrypted partition is decrypted automatically.

List of tested devices

The guide was tested on a system with the specs listed below, but should be easily adaptable.

  • Device: fitlet2
  • OS: Debian GNU/Linux testing (buster)
  • ISO: debian-buster-DI-rc2-amd64-netinst.iso
  • Kernel: 4.19.0-5-amd64
  • BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
  • TPM: Firmware based TPM 2.0 implementation
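
To check whether another machine has the two pieces this guide relies on, the following added example (not part of the original wiki page) tests a partition for a LUKS header and looks for the kernel's TPM 2.0 resource-manager node. The function names and the /dev/sda2 device in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks before setting up LUKS with a TPM-held key.
# Function names are hypothetical; paths are parameters so the checks can be
# tried on image files as well as real devices.

# Print the LUKS header version (1 or 2) found at the start of $1,
# or return 1 if the LUKS magic is absent.
luks_version() {
    # Both LUKS1 and LUKS2 start with the magic "LUKS" 0xBA 0xBE,
    # followed by a 2-byte big-endian version number.
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $hdr in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Return 0 if a TPM 2.0 resource-manager node exists under $1 (default /dev).
# The kernel creates tpmrm0 only for TPM 2.0 chips (Linux 4.12 and later).
tpm2_present() {
    [ -e "${1:-/dev}/tpmrm0" ]
}

# Run both checks: exit status 0 = ready, 1 = no LUKS header, 2 = no TPM 2.0.
preflight() {
    ver=$(luks_version "$1") || { echo "FAIL: no LUKS header on $1"; return 1; }
    tpm2_present "${2:-/dev}" || { echo "FAIL: no TPM 2.0 device node"; return 2; }
    echo "OK: LUKS$ver header on $1, TPM 2.0 available"
}

# Usage (as root; /dev/sda2 is a placeholder): sh preflight.sh /dev/sda2
[ "$#" -eq 0 ] || preflight "$@"
```

Reading the header of a real block device requires root; the second argument to preflight is only needed when the device nodes live somewhere other than /dev.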