[dm-crypt] Encrypt all partitions with dm-crypt

Stayvoid stayvoid at gmail.com
Wed Sep 5 06:21:36 CEST 2012

Hello there,

Let's move back to the initial questions...

I'd like to use a plain version of dm-crypt because it doesn't
store a header on a disk. (Yes, I know that LUKS is a recommended
way, but I've already made my choice.)

I haven't found any guides to the plain version that's why I
decided to ask first.

Here is what I'm going to do:
(These notes are based on this guide [1].
I'm using a LiveUSB.)

1. Overwrite a hard disk:

# dd if=/dev/urandom of=/dev/sda bs=1M

2. Create partitions:

# fdisk /dev/sda

Here is my partition scheme:

Device    Boot    Start         End     Blocks  Id  System
/dev/sda1          2048      206847     102400  83  Linux
/dev/sda2        206848     2303999    1048576  82  Linux
/dev/sda3       2304000   312581807  155138904  83  Linux

* /dev/sda1 -- /boot;
* /dev/sda2 -- swap;
* /dev/sda3 -- the rest.

When can I create the filesystems?
Can I do it at this step?

3. Mapping partitions:

# cryptsetup -y -c aes-xts-plain -s 512 create swap /dev/sda2
# cryptsetup -y -c aes-xts-plain -s 512 create main /dev/sda3

After this step the guide [1] suggests to unlock LUKS partitions:

# cryptsetup luksOpen /dev/<partitions name> <device-mapper name>

How to do it using the plain version of dm-crypt?
Is it even necessary?

4. Encrypting the swap partition with suspend-to-disk support:

How to do it using the plain version?

What else should be done to finish the configuration?

[1] https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS


More information about the dm-crypt mailing list