Last modified on 30 June 2019, at 10:17

Linux: Full Disk Encryption

Revision as of 10:17, 30 June 2019 by Denis

Overview

This guide explains how to secure your personal data by encrypting your Linux root filesystem using strong cryptography.

  • Linux Unified Key Setup (LUKS) - the standard for Linux hard disk encryption
  • Trusted Platform Module (TPM) - a dedicated micro-controller designed to secure hardware through integrated cryptographic keys

The idea is to encrypt the partition that holds the root filesystem and store the keys in the TPM chip. Then, on boot, the encrypted partition is decrypted automatically.

List of tested devices

The guide was tested on a system with the specs listed below, but should be easily adaptable.

  • Device: fitlet2
  • OS: Debian GNU/Linux testing (buster)
  • ISO: debian-buster-DI-rc2-amd64-netinst.iso
  • Kernel: 4.19.0-5-amd64
  • BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
  • TPM: Firmware based TPM 2.0 implementation