LVM Verschlüsselung: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (33 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=Install= | =Install= | ||
| − | * apt-get install lvm2 | + | * apt-get install lvm2 cryptsetup cryptsetup-initramfs |
| + | |||
= Szenario = | = Szenario = | ||
*fdisk -l /dev/sdb | *fdisk -l /dev/sdb | ||
<pre> | <pre> | ||
| − | Device Boot | + | Device Boot Start End Sectors Size Id Type |
| − | /dev/sdb1 | + | /dev/sdb1 2048 41943039 41940992 20G 83 Linux |
| − | |||
</pre> | </pre> | ||
| + | |||
=LUKS-Medium erstellen= | =LUKS-Medium erstellen= | ||
| − | *cryptsetup luksFormat | + | *cryptsetup luksFormat /dev/sdb1 |
<pre> | <pre> | ||
WARNING! | WARNING! | ||
| Zeile 19: | Zeile 20: | ||
Verify passphrase: | Verify passphrase: | ||
</pre> | </pre> | ||
| − | =LUKS-Medium öffnen mit dem Namen | + | |
| − | cryptsetup | + | =LUKS-Medium öffnen mit dem Namen cryptpart= |
| − | Enter passphrase for /dev/sdb1: | + | *cryptsetup open /dev/sdb1 cryptpart |
| + | Enter passphrase for /dev/sdb1: | ||
| + | |||
| + | =Device vorbereiten für LVM= | ||
| + | *pvcreate /dev/mapper/cryptpart | ||
| + | |||
| + | =Erstellen der Volumegruppe= | ||
| + | *vgcreate vgdata /dev/mapper/cryptpart | ||
| + | |||
| + | =Erstellen der Logical Volumes data und media= | ||
| + | *lvcreate -L 7G -n misc vgdata | ||
| + | Logical volume "misc" created. | ||
| + | *lvcreate -L 7G -n media vgdata | ||
| + | Logical volume "media" created. | ||
| + | |||
| + | =Formatieren= | ||
| + | *mkfs.ext4 /dev/mapper/vgdata-misc | ||
| + | *mkfs.ext4 /dev/mapper/vgdata-media | ||
| + | |||
| + | =Mountpoints erstellen= | ||
| + | *mkdir /mnt/media | ||
| + | *mkdir /mnt/misc | ||
| + | |||
| + | =Ermitteln der UUID= | ||
| + | *blkid /dev/sdb1 | ||
| + | /dev/sdb1: UUID="506dd1ee-71c7-46c3-b2ec-4379bdbbad46" TYPE="crypto_LUKS" PARTUUID="2490e605-01" | ||
| + | |||
| + | =/etc/crypttab= | ||
| + | # <target name> <source device> <key file> <options> | ||
| + | cryptpart UUID=506dd1ee-71c7-46c3-b2ec-4379bdbbad46 none luks,initramfs | ||
| + | |||
| + | ;Update ramdisk | ||
| + | *update-initramfs -u | ||
| + | |||
| + | =/etc/fstab= | ||
| + | /dev/mapper/vgdata-misc /mnt/misc ext4 defaults | ||
| + | /dev/mapper/vgdata-media /mnt/media ext4 defaults | ||
| + | |||
| + | =Systemstart= | ||
| + | Please unlock disk cryptpart: | ||
| + | |||
| + | =So soll es aussehen= | ||
| + | *df -h | grep mapper | ||
| + | /dev/mapper/vgdata-misc 6.8G 1.8M 6.5G 1% /mnt/misc | ||
| + | /dev/mapper/vgdata-media 6.8G 1.8M 6.5G 1% /mnt/media | ||
| + | |||
| + | =Links= | ||
| + | *https://linuxwiki.de/cryptsetup | ||
| + | *https://wiki.ubuntuusers.de/System_verschl%C3%BCsseln/ | ||
Aktuelle Version vom 16. Mai 2026, 12:56 Uhr
Install
- apt-get install lvm2 cryptsetup cryptsetup-initramfs
Szenario
- fdisk -l /dev/sdb
Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 41943039 41940992 20G 83 Linux
LUKS-Medium erstellen
- cryptsetup luksFormat /dev/sdb1
WARNING! ======== This will overwrite data on /dev/sdb1 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase for /dev/sdb1: Verify passphrase:
LUKS-Medium öffnen mit dem Namen cryptpart
- cryptsetup open /dev/sdb1 cryptpart
Enter passphrase for /dev/sdb1:
Device vorbereiten für LVM
- pvcreate /dev/mapper/cryptpart
Erstellen der Volumegruppe
- vgcreate vgdata /dev/mapper/cryptpart
Erstellen der Logical Volumes data und media
- lvcreate -L 7G -n misc vgdata
Logical volume "misc" created.
- lvcreate -L 7G -n media vgdata
Logical volume "media" created.
Formatieren
- mkfs.ext4 /dev/mapper/vgdata-misc
- mkfs.ext4 /dev/mapper/vgdata-media
Mountpoints erstellen
- mkdir /mnt/media
- mkdir /mnt/misc
Ermitteln der UUID
- blkid /dev/sdb1
/dev/sdb1: UUID="506dd1ee-71c7-46c3-b2ec-4379bdbbad46" TYPE="crypto_LUKS" PARTUUID="2490e605-01"
/etc/crypttab
# <target name> <source device> <key file> <options> cryptpart UUID=506dd1ee-71c7-46c3-b2ec-4379bdbbad46 none luks,initramfs
- Update ramdisk
- update-initramfs -u
/etc/fstab
/dev/mapper/vgdata-misc /mnt/misc ext4 defaults /dev/mapper/vgdata-media /mnt/media ext4 defaults
Systemstart
Please unlock disk cryptpart:
So soll es aussehen
- df -h | grep mapper
/dev/mapper/vgdata-misc 6.8G 1.8M 6.5G 1% /mnt/misc /dev/mapper/vgdata-media 6.8G 1.8M 6.5G 1% /mnt/media