To format a partition (e.g. sda1) as LUKS with an HMAC integrity layer:
cryptsetup luksFormat --type=luks2 --integrity hmac-sha256 /dev/sda1
Or without an integrity layer: (you probably want this for most usecases)
cryptsetup luksFormat --type=luks2 /dev/sda1
To open the encrypted partition:
cryptsetup open /dev/sda1 sda1_crypt
Alternative was to open it while permanently marking the LUKS device to accept discard (TRIM) operations:
cryptsetup open /dev/sda1 sda1_crypt --allow-discards --persistent
This will create a decrypted device for the same partition which you can format like so: (-i 4M for storing files around 4MiB each, -m 0 to avoid reserving space for the root user, change the Label to whatever you like)
mkfs.ext4 -i 4M -m 0 -L Label /dev/mapper/sda1_crypt
Then close it:
cryptsetup close /dev/mapper/sda1_crypt
Disconnect the device and reconnect it (or mount it however you normally do) to see if everything works.
No comments:
Post a Comment