Difference between revisions of "Linux: Full Disk Encryption"

From fit-PC wiki
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
This guide explains how to make your personal data secure by encrypting your Linux root filesystem using strong cryptography
+
The idea is encrypt partition with root filesystem using LUKS and store the keys in the TPM.<br>
* Linux Unified Key Setup (LUKS) - is the standard for Linux hard disk encryption
+
During boot user does not have to enter a decryption password, partition will be automatically decrypted using the keys from TPM.<br>
* Trusted Platform Module (TPM) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys
+
It's a open-source alternative to Windows BitLocker.
The idea is encrypt partition with root filesystem and store the keys in TPM chip. Then, on boot, encrypted partition will be automatically decrypted.
+
 
 +
* LUKS (Linux Unified Key Setup) - is a full volume encryption feature, the standard for Linux hard disk encryption
 +
* TPM (Trusted Platform Module) - is dedicated micro-controller designed to secure hardware through integrated cryptographic keys
  
 
== List of tested devices ==
 
== List of tested devices ==
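Review bot: the added sentence "During boot user does not have to enter a decryption password" promises unattended unlock but the overview never says what the TPM checks before it releases the keys; add one sentence stating that condition so readers know what the encryption depends on. In the same added lines, "The idea is encrypt" should read "The idea is to encrypt" and "It's a open-source" should read "It's an open-source", and the LUKS and TPM bullets read better without the "is" after the dash.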

Revision as of 11:08, 30 June 2019

Overview

The idea is to encrypt the partition holding the root filesystem using LUKS and store the keys in the TPM.
During boot the user does not have to enter a decryption password; the partition is automatically decrypted using the keys from the TPM.
It's an open-source alternative to Windows BitLocker.

  • LUKS (Linux Unified Key Setup) - a full volume encryption feature, the standard for Linux hard disk encryption
  • TPM (Trusted Platform Module) - a dedicated micro-controller designed to secure hardware through integrated cryptographic keys

List of tested devices

The guide was tested on a system with the specs listed below, but should be easily adaptable.

  • Device: fitlet2
  • OS: Debian GNU/Linux testing (buster)
  • ISO: debian-buster-DI-rc2-amd64-netinst.iso
  • Kernel: 4.19.0-5-amd64
  • BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
  • TPM: Firmware based TPM 2.0 implementation