Criptografando um SSD/HDD manualmente no Linux com o CryptSetup (LUKS)
disclaymer (opcoes e modos de criptografar)
1. Identificar o disco
- op1 - pelo tamanho do disco
- op2 - caso tenha 2 discos iguais, usar o mount ou apenas desconectar um dos discos e ver qual é o novo
2. Criar partição a ser criptografada
2.1. precisei apagar as particoes existentes.
box@box:~$ sudo gdisk /dev/sdc
GPT fdisk (gdisk) version 1.0.6
The protective MBR's 0xEE partition is oversized! Auto-repairing.
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): p
Disk /dev/sdc: 3907029168 sectors, 1.8 TiB
Model: Generic
Sector size (logical/physical): 512/4096 bytes
Disk identifier (GUID): 954C8903-2CD3-4EF4-B907-632776F3A1BC
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 3907029134
Partitions will be aligned on 2048-sector boundaries
Total free space is 3874242669 sectors (1.8 TiB)
Number Start (sector) End (sector) Size Code Name
1 2048 309247 150.0 MiB EF00 EFI system partition
2 309248 571391 128.0 MiB 0C01 Microsoft reserved ...
3 3874785280 3876812799 990.0 MiB 2700
4 3876812800 3904253951 13.1 GiB 2700
5 3904256000 3907004415 1.3 GiB 2700
Command (? for help): d
Partition number (1-5): 1
Command (? for help): d
Partition number (2-5): 2
Command (? for help): d
Partition number (3-5): 3
Command (? for help): d
Partition number (4-5): 4
Command (? for help): d
Using 5
2. Criando partição
Command (? for help): c
No partitions
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-3907029134, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-3907029134, default = 3907029134) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): Y
OK; writing new GUID partition table (GPT) to /dev/sdc.
The operation has completed successfully.
3. Formatando a partição para o formato LUKS
box@box:~$ sudo fdisk -l | grep "sdc"
Disk /dev/sdc: 1.82 TiB, 2000398934016 bytes, 3907029168 sectors
/dev/sdc1 2048 3907029134 3907027087 1.8T Linux filesystem
box@box:~$ sudo cryptsetup luksFormat /dev/sdc1
WARNING: Device /dev/sdc1 already contains a 'vfat' superblock signature.
WARNING!
========
This will overwrite data on /dev/sdc1 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sdc1:
Verify passphrase:
4. Decriptografando
box@box:~$ sudo cryptsetup open /dev/sdc1 hd_swap
Enter passphrase for /dev/sdc1:
4.1 Listando partição descriptografada
box@box:~$ sudo fdisk -l | grep hd_swap
Disk /dev/mapper/hd_swap: 1.82 TiB, 2000381091328 bytes, 3906994319 sectors
5. Formatando
box@box:~$ sudo mkfs.ext4 /dev/mapper/hd_swap
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 488374272 4k blocks and 122332032 inodes
Filesystem UUID: 1af577e5-48a0-470d-a510-ddb9bc3c9935
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
6. Montando a partição
box@box:~$ mkdir -pv /media/box/hd_swap
mkdir: created directory '/media/box/hd_swap'
box@box:~$ sudo mount /dev/mapper/hd_swap /media/box/hd_swap -v
mount: /dev/mapper/hd_swap mounted on /media/box/hd_swap.
Top comments (0)