Linux: Full Disk Encryption
This guide explains how to secure your personal data by encrypting your Linux root filesystem with strong cryptography.
- Linux Unified Key Setup (LUKS) is the standard for Linux hard disk encryption
- Trusted Platform Module (TPM) is a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
The idea is to encrypt the partition that holds the root filesystem and store the keys in the TPM chip. Then, on boot, the encrypted partition is decrypted automatically.
List of tested devices
The guide was tested on a system with the specs listed below, but should be easily adaptable.
- Device: fitlet2
- OS: Debian GNU/Linux testing (buster)
- ISO: debian-buster-DI-rc2-amd64-netinst.iso
- Kernel: 4.19.0-5-amd64
- BIOS: 09/17/2018 American Megatrends Inc. FLT2.0.46.01.00
- TPM: Firmware-based TPM 2.0 implementation