
When installing RHEL-8.10 from rhel-8.10-x86_64-dvd.iso, in the partition scheme I choose to encrypt my data. For all the partitions I have checked as encrypted at installation time, such as /home and /var and / and however many else, when the system boots I am prompted [once] to enter this one LUKS password to continue booting, and all those LUKS2 encrypted partitions are then automatically unlocked and mounted. All this configuration, however it is done, is taken care of by the RHEL installer.

In /etc/fstab you can recognize the LUKS2 syntax of all those partitions on the one disk I have installed RHEL-8.10 on.

I have a second disk, after RHEL installation, that I have formatted as XFS and it shows up as /dev/sdb1 and is mounted as /scratch.

How do I

  • encrypt this /dev/sdb1 partition?
  • have it automatically unlock and mount at boot time using the same LUKS password I used at RHEL installation time for all the system partitions?

1 Answer

You can encrypt the new filesystem with cryptsetup-reencrypt, or reformat the whole disk, but instead of formatting it directly, create a LUKS partition and then create the filesystem inside the LUKS device.

After you have an encrypted filesystem, you have to adjust your /etc/fstab to no longer mount the block device but the unlocked filesystem, either by its UUID or by the path to the mapper.

To have the LUKS device automatically unlocked, you need to adjust /etc/crypttab. To have it unlocked with the same password, you also need to recreate the initramfs and/or the kernel-cmd. Another option (recommended) is to use a keyfile and reference it in crypttab. Because the keyfile is encrypted itself if placed on the root partition, this is no problem. Since /scratch is not necessary during the boot process, any unlock/mount during boot is also no problem.

There is also some documentation in the RHEL docs.

  • Sounds good. But... I still don't know what to type on the keyboard to make it happen. Commented Nov 18, 2024 at 14:10
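What to type for the keyfile route the answer recommends, as an added example that is not part of the original answer. It takes the reformat path, so `luksFormat` erases everything on /dev/sdb1; the mapper name `luks-scratch`, the keyfile path `/root/scratch.key` and the `nofail` mount option are assumptions.

```shell
#!/bin/bash
# Added example (not from the original answer). Run as root with: ./script --run
DEV=/dev/sdb1            # partition from the question
NAME=luks-scratch        # assumed mapper name
KEY=/root/scratch.key    # assumed keyfile path, stored on the encrypted root filesystem
MNT=/scratch             # mount point from the question

# /etc/crypttab entry: <mapper name> <LUKS device> <keyfile> <options>
crypttab_line() {        # $1 = LUKS UUID of the partition
    printf '%s UUID=%s %s luks\n' "$NAME" "$1" "$KEY"
}

# /etc/fstab entry: mount the unlocked mapper device, not the raw partition.
# nofail (assumed choice): boot continues even if /scratch cannot be unlocked.
fstab_line() {
    printf '/dev/mapper/%s %s xfs defaults,nofail 0 0\n' "$NAME" "$MNT"
}

encrypt_scratch() (
    set -e
    umount "$MNT"
    # DESTROYS all data on $DEV: back up /scratch before this step.
    # Prompts for a passphrase; enter the one chosen at installation time.
    cryptsetup luksFormat --type luks2 "$DEV"
    # Random keyfile readable by root only, added as a second key slot
    # (prompts once more for the passphrase set above).
    ( umask 077; dd if=/dev/urandom of="$KEY" bs=64 count=1 status=none )
    cryptsetup luksAddKey "$DEV" "$KEY"
    # Unlock with the keyfile and create the filesystem inside the LUKS device.
    cryptsetup open --key-file "$KEY" "$DEV" "$NAME"
    mkfs.xfs "/dev/mapper/$NAME"
    # Register the device for unlock at boot and replace the old fstab entry.
    crypttab_line "$(cryptsetup luksUUID "$DEV")" >> /etc/crypttab
    sed -i.bak "\|[[:space:]]$MNT[[:space:]]|d" /etc/fstab
    fstab_line >> /etc/fstab
    systemctl daemon-reload
    mount "$MNT"
)

# Nothing is changed unless --run is passed explicitly.
if [ "${1:-}" = "--run" ]; then encrypt_scratch; fi
```

Because the passphrase from installation time stays in its own key slot, the partition can still be opened by hand with `cryptsetup open /dev/sdb1 luks-scratch` if the keyfile is lost.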
