Chapter 29. Disk Encryption Guide

29.1. What is block device encryption?
29.2. Encrypting block devices using dm-crypt/LUKS
29.2.1. Overview of LUKS
29.2.2. How will I access the encrypted devices after installation? (System Startup)
29.2.3. Choosing a Good Passphrase
29.3. Creating Encrypted Block Devices in Anaconda
29.3.1. What Kinds of Block Devices Can Be Encrypted?
29.4. Creating Encrypted Block Devices on the Installed System After Installation
29.4.1. Create the block devices
29.4.2. Optional: Fill the device with random data
29.4.3. Format the device as a dm-crypt/LUKS encrypted device
29.4.4. Create a mapping to allow access to the device's decrypted contents
29.4.5. Create filesystems on the mapped device, or continue to build complex storage structures using the mapped device
29.4.6. Add the mapping information to /etc/crypttab
29.4.7. Add an entry to /etc/fstab
29.5. Common Post-Installation Tasks
29.5.1. Set a randomly generated key as an additional way to access an encrypted block device
29.5.2. Add a new passphrase to an existing device
29.5.3. Remove a passphrase or key from a device

Note

Red Hat Enterprise Linux 5.3 now supports file system encryption during installation. Earlier versions of Red Hat Enterprise Linux do not support this.

29.1. What is block device encryption?

Block device encryption protects the data on a block device by encrypting it. To access the device's decrypted contents, a user must provide a passphrase or key as authentication. This provides additional security beyond existing OS security mechanisms: the device's contents remain protected even if the device has been physically removed from the system.