Chapter 28. Disk Encryption Guide

28.1. What is block device encryption?
28.2. Encrypting block devices using dm-crypt/LUKS
28.2.1. Overview of LUKS
28.2.2. How will I access the encrypted devices after installation? (System Startup)
28.2.3. Choosing a Good Passphrase
28.3. Creating Encrypted Block Devices in Anaconda
28.3.1. What Kinds of Block Devices Can Be Encrypted?
28.3.2. Limitations of Anaconda's Block Device Encryption Support
28.4. Creating Encrypted Block Devices on the Installed System After Installation
28.4.1. Create the block devices
28.4.2. Optional: Fill the device with random data
28.4.3. Format the device as a dm-crypt/LUKS encrypted device
28.4.4. Create a mapping to allow access to the device's decrypted contents
28.4.5. Create filesystems on the mapped device, or continue to build complex storage structures using the mapped device
28.4.6. Add the mapping information to /etc/crypttab
28.4.7. Add an entry to /etc/fstab
28.5. Common Post-Installation Tasks
28.5.1. Set a randomly generated key as an additional way to access an encrypted block device
28.5.2. Add a new passphrase to an existing device
28.5.3. Remove a passphrase or key from a device

Note

Red Hat Enterprise Linux 5.3 now supports file system encryption during installation. Earlier versions of Red Hat Enterprise Linux do not support this.

28.1. What is block device encryption?

Block device encryption protects the data on a block device by encrypting it. To access the device's decrypted contents, a user must provide a passphrase or key as authentication. This provides additional security beyond existing OS security mechanisms, because it protects the device's contents even if the device has been physically removed from the system.