I'm looking for a clear tutorial on how to do this but I'm encountering insufficient information everywhere. Namely, I have a laptop with the following disk configuration:

Drive one has Fedora 38 installed and the drive is encrypted. However, I have a second SSD, independent of the one on which Fedora 38 is installed, and I would like to encrypt it with LUKS as well. I have searched and read but I am lost.

https://docs.fedoraproject.org/en-US/quick-docs/encrypting-drives-using-LUKS/#_remove_a_passphrase_or_key_from_a_device

Reading the official Fedora guide to LUKS encryption, I cannot grasp how to apply this to the second, independent SSD so that if, for example, I need to reinstall Fedora or another system on the drive that currently holds the operating system, I do not have to fear losing access to the second encrypted drive.

  1. How to correctly implement the above (or other) guide to have the second SSD encrypted?
  2. What steps would have to be considered in such a solution to have access to this drive in case of reinstallation of the system or blowing out the drive with the operating system? (I mean here a copy of the keys, etc.?)
  3. I tried this tutorial from point 4 and unfortunately made a mistake somewhere: after rebooting the system I had to enter the password twice, once for the encrypted drive with the OS and once for the other SSD, but after entering both passwords correctly I received a message about the need to log in as root to repair the system.
  4. Is it possible to implement a solution so that it only asks for the password to the encrypted partition with the OS, and for the second drive only from within Fedora?

I would be grateful if someone would try to explain it to me. I have searched really many places, from Fedora, here, YouTube as well as other articles, but I am probably too stupid to understand it.

1 Answer

  1. gnome-disks is an easy-to-use graphical utility, which is there by default in RHEL/CentOS 7/8. I don't know about Fedora, but it greatly simplifies formatting and LUKS-encrypting any other disk connected to the system, rather than going the command-line route.

  2. For any LUKS-encrypted disk, you need to store the passphrase you would type during boot or during mount when prompted to unlock the disk (partition, actually). That disk can be moved and mounted on any [Linux] system supporting that version of LUKS.

  3. Yes, if every partition of every disk connected to the system is encrypted, there is a way to be prompted only once during boot, for the passphrase of the / partition, and then from there LUKS can access keys for all the other partitions and they will unlock and mount automatically. I set this up at initial install time of RHEL/CentOS from a bootable ISO. In that regard it has been reliable. When I've tried to do this manually after installation, I have had problems in RHEL 7. It could be that I did something wrong, but I never figured out the reason, so I prefer using gnome-disks.

Automatically mounting LUKS encrypted volume during boot
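
A command-line version of the setup the answer describes (one passphrase prompt for /, the second disk unlocked from a key stored on the encrypted root), as an added example that is not part of the original answer. The partition argument, the mapping name, the ext4 filesystem, the `/mnt/<name>` mount point and the helper names `crypttab_line`, `fstab_line` and `setup_second_disk` are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Run as root.
# Usage: ./luks-second-disk.sh --apply /dev/sdX1 data
#   /dev/sdX1 is a placeholder for the second SSD's partition; its contents are destroyed.

# /etc/crypttab entry: <name> UUID=<luks-uuid> <key file or "none"> <options>
crypttab_line() {
    printf '%s UUID=%s %s %s\n' "$1" "$2" "$3" "$4"
}

# /etc/fstab entry for the opened mapping: <device> <mount point> <fs> <options> 0 2
fstab_line() {
    printf '/dev/mapper/%s %s %s %s 0 2\n' "$1" "$2" "$3" "$4"
}

setup_second_disk() {   # $1 = partition, $2 = mapping name
    dev=$1; name=$2; key=/etc/cryptsetup-keys.d/$name.key
    # Slot 0: the passphrase. It keeps working after the OS disk is reinstalled or lost.
    cryptsetup luksFormat --type luks2 "$dev" || return 1
    # Slot 1: random key file, root-only, stored on the already-encrypted root.
    install -d -m 700 /etc/cryptsetup-keys.d
    (umask 077; dd if=/dev/urandom of="$key" bs=64 count=1 status=none)
    cryptsetup luksAddKey "$dev" "$key" || return 1
    cryptsetup open --key-file "$key" "$dev" "$name" || return 1
    mkfs.ext4 "/dev/mapper/$name" || return 1
    mkdir -p "/mnt/$name"
    uuid=$(cryptsetup luksUUID "$dev")
    # nofail: an absent or locked second disk does not stop the boot.
    crypttab_line "$name" "$uuid" "$key" "luks,nofail" >> /etc/crypttab
    fstab_line "$name" "/mnt/$name" ext4 "defaults,nofail" >> /etc/fstab
    # Header backup: copy this file off the machine; a damaged header makes
    # the disk unreadable even with the correct passphrase.
    cryptsetup luksHeaderBackup "$dev" --header-backup-file "/root/$name-luks-header.img"
}

if [ "${1:-}" = "--apply" ]; then
    setup_second_disk "$2" "$3"
fi
```

To be asked for the second disk's passphrase only from within the running system instead, use `none` as the key file and `luks,noauto` in crypttab together with `defaults,noauto` in fstab; the key file slot is then unnecessary.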
