I have one physical server and would like to configure full disk encryption for it.
First I was playing around with an virtual machines (CentOS7) and have enabled it during installation:
On reboot I get the following prompt and can successfully unlock the drive:
[root@srv~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
└─luks-9ca13c53-317d-42c5-a3ea-c6039274bf38 253:0 0 19G 0 crypt
├─centos_otrs-root 253:1 0 17G 0 lvm /
└─centos_otrs-swap 253:2 0 2G 0 lvm [SWAP]
sr0 11:0 1 1024M 0 rom
AFAICS the
On reboot I get the following prompt and can successfully unlock the drive:
[root@srv~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
└─luks-9ca13c53-317d-42c5-a3ea-c6039274bf38 253:0 0 19G 0 crypt
├─centos_otrs-root 253:1 0 17G 0 lvm /
└─centos_otrs-swap 253:2 0 2G 0 lvm [SWAP]
sr0 11:0 1 1024M 0 rom
AFAICS the bootpartition is not encrypted. How could I possibly perform a true full disk encryption and still be able to use the crypt-ssh dracut module for remote unlocking of systems with disk encryption via ssh.
Thanks!
Asked by blabla_trace
(385 rep)
Apr 17, 2019, 10:45 AM
Last activity: Apr 23, 2025, 09:03 PM
Last activity: Apr 23, 2025, 09:03 PM