Last updated: 2024-01-29, edited by 888u
Full disk encryption on Linux prevents important files from leaking. The Debian installer offers LUKS-based full disk encryption, but it cannot encrypt the /boot partition during installation; /boot has to be encrypted with LUKS1 after the installation is completed. Note: Don't mess with boot encryption if it's not necessary. The default system encryption method is already very secure. (Encrypt-Map-Format-Mount)
1. View /boot partition information

    lsblk -pf

The following steps assume /dev/sda1 is the /boot partition.

2. Back up the /boot partition

    mount -o remount,ro /boot
    install -m0600 /dev/null /tmp/boot.tar
    tar -C /boot --acls --xattrs --one-file-system -cf /tmp/boot.tar .
    umount /boot

3. Use LUKS1 to encrypt /boot

    cryptsetup luksFormat --type luks1 /dev/sda1

4. Map boot_crypt to the encrypted boot partition

    uuid="$(blkid -o value -s UUID /dev/sda1)"
    echo "boot_crypt UUID=$uuid none luks" | tee -a /etc/crypttab
    cryptdisks_start boot_crypt

5. Create a file system on the mapped device and reformat it

Reuse the UUID that /etc/fstab lists for /boot so the existing fstab entry keeps working. mkfs.ext2 -U needs that full UUID; substitute it for BOOT_FS_UUID below.

    grep /boot /etc/fstab
    lsblk -dno uuid /dev/sda1
    mkfs.ext2 -m0 -U BOOT_FS_UUID /dev/mapper/boot_crypt

6. Remount /boot and restore files

    mount -v /boot
    tar -C /boot --acls --xattrs -xf /tmp/boot.tar

(If /boot/efi is a separate partition, you also need to remount it.)

7. Use cryptomount when GRUB2 starts

    echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
    update-grub
    grub-install /dev/sda

At this point, the full-disk encryption of the Linux system is complete. Linux full-disk encryption also has other advanced functions, such as downgrading LUKS2 to LUKS1, using secret keys for faster startup, and using other keyboard layouts.
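A consistency check worth running before the first reboot, as an added example that is not part of the original article: it confirms that crypttab, fstab and the GRUB defaults file agree with what steps 4 to 7 set up. The function names, the sample UUIDs and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check for the encrypted /boot setup.
# All UUIDs and file contents below are constructed sample values.

# Print the UUID that crypttab file $1 assigns to mapping name $2.
crypttab_uuid() {
    awk -v n="$2" '$1 == n && $2 ~ /^UUID=/ { sub(/^UUID=/, "", $2); print $2; exit }' "$1"
}

# Print the UUID that fstab file $1 uses for the /boot mount point.
fstab_boot_uuid() {
    awk '$1 ~ /^UUID=/ && $2 == "/boot" { sub(/^UUID=/, "", $1); print $1; exit }' "$1"
}

# Succeed only if the last uncommented GRUB_ENABLE_CRYPTODISK line in $1 is "y".
grub_cryptodisk_on() {
    v=$(sed -n 's/^[[:space:]]*GRUB_ENABLE_CRYPTODISK=//p' "$1" | tail -n 1 | tr -d "\"'")
    [ "$v" = "y" ]
}

# check_config ETC_DIR LUKS_UUID FS_UUID: print each mismatch, return their count.
# On a real system LUKS_UUID is `blkid -o value -s UUID /dev/sda1`, FS_UUID is
# the same query against /dev/mapper/boot_crypt, and ETC_DIR is /etc.
check_config() {
    bad=0
    [ "$(crypttab_uuid "$1/crypttab" boot_crypt)" = "$2" ] ||
        { echo "crypttab: boot_crypt does not point at the LUKS header UUID"; bad=$((bad + 1)); }
    [ "$(fstab_boot_uuid "$1/fstab")" = "$3" ] ||
        { echo "fstab: /boot UUID differs from the new filesystem UUID"; bad=$((bad + 1)); }
    grub_cryptodisk_on "$1/default/grub" ||
        { echo "grub: GRUB_ENABLE_CRYPTODISK=y is not in effect"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample /etc tree so the check runs offline.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/default"
LUKS_ID=11111111-2222-3333-4444-555555555555
FS_ID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
printf '%s\n' "# <target> <source> <key file> <options>" \
    "boot_crypt UUID=$LUKS_ID none luks" > "$SAMPLE/crypttab"
printf '%s\n' "# /boot was on /dev/sda1 during installation" \
    "UUID=$FS_ID /boot ext2 defaults 0 2" > "$SAMPLE/fstab"
printf '%s\n' 'GRUB_TIMEOUT=5' '#GRUB_ENABLE_CRYPTODISK=n' \
    'GRUB_ENABLE_CRYPTODISK=y' > "$SAMPLE/default/grub"

check_config "$SAMPLE" "$LUKS_ID" "$FS_ID" && echo "sample config is consistent"
```

A non-zero return value is the number of mismatches found; resolve each printed line before rebooting, since a stale UUID or a missing GRUB_ENABLE_CRYPTODISK=y leaves the system unable to find /boot.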