[dm-crypt] Partition mandatory?

Patrick mailorp at gmail.com
Sun Jun 19 15:54:45 CEST 2011


I am quite new to linux (Ubuntu) and wish to use encrypted drives. I
already use LUKS encrypted disks, that's great.
I have a question regarding full disk encryption.

I tried to find an answer in the doc... "rtfm" did not solve it, neither
did some asking on IRC channels (answers like "no that's bad!", with no
further explanation as why "no" weren't just convincing enough... ;-)   ).

The case :
I want to encrypt a full USB disk and my question is : is it mandatory
to have a partition existing on the device and to luskformat the
partition? In other words, is it OK to luksformat the full device,
without mentionning any partition? Is it off "standards"?

In fact, I tried to encrypt a full disk using something like :
/sudo cryptsetup luksFormat -c aes-xts-plain -h whirlpool -s 512 /dev/sdx/
x being the device, without mentioning a partition.

That apparently works perfectly well, the full device is then encrypted
and can be formatted as ext4 or whatever I want it to be formatted to. I
can mount it and use it.
No partition is seen on the device when inserted without decrypting, good.

I would like to know if this could cause some side effects, as I don't
encrypt a partition but directly the device itself.

Being cautious, I did create a partition for now... and did encrypt this
one. The partition using the full disk...
/sudo cryptsetup luksFormat -c aes-xts-plain -h whirlpool -s 512
/dev/sde1 (for example)/*
For my own knowledge I would really appreciate to know if it would be OK
to luksformat a full device, without using partitions. And most of all I
would like to know why (whatever yes or no the answer could be! )

Maybe is this question related to the linux "philosophy" and devices
architecture that still isn't fully natural for me for now as I am an
ex-Windows user, but I'm learning and happy to do so! :-)

Hope you can help!
Best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110619/80628df8/attachment.html>

More information about the dm-crypt mailing list