Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

3
  • "the LUKS header can be used on any block device" : are you absolutely sure about this ? I have some doubts because of Wikipedia's statement that a LUKS2 header's JSON area contains "segments" that "describe encrypted areas on the disk" (en.wikipedia.org/wiki/Linux_Unified_Key_Setup#LUKS2). Which would mean that a LUKS header is tied to a specific drive. Commented Nov 20, 2023 at 12:10
  • @ChennyStar - Interesting. Yes the LUKS2 spec adds JSON metadata that contains the segments but it appears that this is more about defining how the device itself looks rather than the data on it. One limitation i see is that all block devices for the same header must hence have the same block size (as that information - the block size - is included in the segments metadata) Commented Jan 2, 2024 at 17:12
  • Yep, that's the conclusion I reached too. There are some other limitations though : you can not use the containers' UUID to identify them, because the UUID is stored in the header. And you cannot use dm-integrity. See unix.stackexchange.com/questions/762089/…, where I asked the same question. Commented Jan 3, 2024 at 4:09