LVM Encryption


Install

  • apt-get install lvm2 cryptsetup cryptsetup-initramfs

Scenario

  • fdisk -l /dev/sdb
Device     Boot Start      End  Sectors Size Id Type
/dev/sdb1        2048 41943039 41940992  20G 83 Linux

Create the LUKS device

  • cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb1: 
Verify passphrase: 

Open the LUKS device under the name cryptpart

  • cryptsetup open /dev/sdb1 cryptpart
Enter passphrase for /dev/sdb1:

Prepare the device for LVM

  • pvcreate /dev/mapper/cryptpart

Create the volume group

  • vgcreate vgdata /dev/mapper/cryptpart

Create the logical volumes misc and media

  • lvcreate -L 7G -n misc vgdata
 Logical volume "misc" created.
  • lvcreate -L 7G -n media vgdata
 Logical volume "media" created.

Format

  • mkfs.ext4 /dev/mapper/vgdata-misc
  • mkfs.ext4 /dev/mapper/vgdata-media

Create the mount points

  • mkdir /mnt/media
  • mkdir /mnt/misc

Determine the UUID

  • blkid /dev/sdb1
/dev/sdb1: UUID="506dd1ee-71c7-46c3-b2ec-4379bdbbad46" TYPE="crypto_LUKS" PARTUUID="2490e605-01"

/etc/crypttab

# <target name>	<source device>		<key file>	<options>
cryptpart UUID=506dd1ee-71c7-46c3-b2ec-4379bdbbad46 none luks,initramfs

Update ramdisk

  • update-initramfs -u
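
An added example, not part of the original wiki page: a POSIX shell check that the crypttab entry for cryptpart points at the LUKS partition by the UUID that blkid reported and carries the luks and initramfs options used above. The function names check_crypttab and write_sample_crypttab and the "byname" sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint one crypttab entry against the UUID reported by blkid.
# check_crypttab FILE TARGET UUID -> prints findings, returns 0 only if clean.
check_crypttab() {
    file=$1; target=$2; uuid=$3; found=0; rc=0
    # "|| [ -n "$name" ]" also handles a last line without trailing newline.
    while read -r name source key opts _ || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$name" = "$target" ] || continue
        found=1
        # The source should be the stable UUID, not a /dev/sdX name that can move.
        if [ "$source" != "UUID=$uuid" ]; then
            echo "$target: source '$source' does not match UUID=$uuid"; rc=1
        fi
        # The page's entry uses 'none': the passphrase is asked for at boot.
        if [ "$key" != "none" ]; then
            echo "$target: key file '$key' differs from the page's 'none'"; rc=1
        fi
        # Both options from the page's entry must be present.
        for want in luks initramfs; do
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "$target: option '$want' missing"; rc=1 ;;
            esac
        done
    done < "$file"
    if [ "$found" -eq 0 ]; then
        echo "$target: no entry in $file"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: the page's entry plus a hypothetical entry that
# names the device node directly and omits the initramfs option.
write_sample_crypttab() {
    printf '%s\n' \
        '# <target name> <source device> <key file> <options>' \
        'cryptpart UUID=506dd1ee-71c7-46c3-b2ec-4379bdbbad46 none luks,initramfs' \
        'byname /dev/sdb1 none luks' > "$1"
}

# On a live system (as root), before running update-initramfs -u:
#   check_crypttab /etc/crypttab cryptpart "$(blkid -s UUID -o value /dev/sdb1)"
```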

/etc/fstab

/dev/mapper/vgdata-misc /mnt/misc ext4 defaults
/dev/mapper/vgdata-media /mnt/media ext4 defaults

System boot

Please unlock disk cryptpart:

This is how it should look

  • df -h | grep mapper
/dev/mapper/vgdata-misc   6.8G  1.8M  6.5G   1% /mnt/misc
/dev/mapper/vgdata-media  6.8G  1.8M  6.5G   1% /mnt/media
