[Image description:
Screenshot of terminal output:

~ ❯ lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda              8:0    1  62.5M  0 disk  
└─topLuks      254:2    0  60.5M  0 crypt 
  └─bottomLuks 254:3    0  44.5M  0 crypt

/end image description]

I had no idea!

If anyone else is curious, it’s pretty much what you would expect:

cryptsetup -y -v luksFormat /dev/sda
cryptsetup open /dev/sda topLuks
cryptsetup -y -v luksFormat /dev/mapper/topLuks
cryptsetup open /dev/mapper/topLuks bottomLuks
lsblk

Then you can make a filesystem and mount it:

mkfs.ext4 /dev/mapper/bottomLuks
mount /dev/mapper/bottomLuks ~/mnt/embeddedLuksTest

I’ve tested putting files on it and then unmounting & re-encrypting it, and the files are indeed still there upon decrypting and re-mounting.

Again, sorry if this is not news to anyone else, but I didn’t realise this was possible before, and thought it was very cool when I found it out. Sharing in case other people didn’t know and also find it cool :)

  • @theit8514
    link
    28 months ago

    Does cryptsetup/luks do that? I thought that was only software encryption.

    • auth
      link
      fedilink
      48 months ago

      it depends if your hardware supports the algos that cryptsetup/luks use I guess…