J. Roeleveld wrote: > On 6 June 2020 06:37:23 CEST, Dale <rdalek1...@gmail.com> wrote: >> Howdy, >> >> I think I got a old 3TB hard drive to work. After dd'ing it, redoing >> partitions and such, it seems to be working. Right now, I'm copying a >> bunch of data to it to see how it holds up. Oh, it's a PMR drive too. >> lol Once I'm pretty sure it is alive and working well, I want to play >> with encryption. At some point, I plan to encrypt /home. I found a >> bit >> of info with startpage but some is dated. This is one link that seems >> to be from this year, at least updated this year. >> >> https://linoxide.com/linux-how-to/encrypt-linux-filesystem/ >> >> It seems like a nice one since it has commands and what it should look >> like when it is performing the commands. I like knowing what I'm doing >> sort of matches what the howto shows. It also seems to use LVM which I >> will be using as well. I think I can follow that and get a working >> encrypted storage. Later, I can attempt this on /home without doing it >> blind. I also have the options in the kernel as well. I'll post them >> at the bottom. I enabled quite a lot a while back. ;-) >> >> Is this a secure method or is there a more secure way? Is there any >> known issues with using this? Anyone here use this method? Keep in >> mind, LVM. BTFRS, SP?, may come later. >> >> One other question, can one change the password every once in a while? >> Or once set, you stuck with it from then on? >> >> If anyone has links to even better howtos, I'd love to check them out. >> >> Dale >> >> :-) :-) >> >> >> root@fireball / # zcat /proc/config.gz | grep crypt | grep =y >> CONFIG_ARCH_HAS_MEM_ENCRYPT=y >> CONFIG_DM_CRYPT=y >> CONFIG_CRYPTO=y >> CONFIG_CRYPTO_ALGAPI=y >> CONFIG_CRYPTO_ALGAPI2=y >> CONFIG_CRYPTO_AEAD=y >> CONFIG_CRYPTO_AEAD2=y >> CONFIG_CRYPTO_SKCIPHER=y >> CONFIG_CRYPTO_SKCIPHER2=y >> CONFIG_CRYPTO_HASH=y >> CONFIG_CRYPTO_HASH2=y >> CONFIG_CRYPTO_RNG=y >> CONFIG_CRYPTO_RNG2=y >> CONFIG_CRYPTO_RNG_DEFAULT=y >> CONFIG_CRYPTO_AKCIPHER2=y >> CONFIG_CRYPTO_AKCIPHER=y >> CONFIG_CRYPTO_KPP2=y >> CONFIG_CRYPTO_ACOMP2=y >> CONFIG_CRYPTO_MANAGER=y >> CONFIG_CRYPTO_MANAGER2=y >> CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y >> CONFIG_CRYPTO_GF128MUL=y >> CONFIG_CRYPTO_NULL=y >> CONFIG_CRYPTO_NULL2=y >> CONFIG_CRYPTO_CRYPTD=y >> CONFIG_CRYPTO_AUTHENC=y >> CONFIG_CRYPTO_SIMD=y >> CONFIG_CRYPTO_GLUE_HELPER_X86=y >> CONFIG_CRYPTO_RSA=y >> CONFIG_CRYPTO_ECHAINIV=y >> CONFIG_CRYPTO_CBC=y >> CONFIG_CRYPTO_ECB=y >> CONFIG_CRYPTO_LRW=y >> CONFIG_CRYPTO_XTS=y >> CONFIG_CRYPTO_NHPOLY1305=y >> CONFIG_CRYPTO_NHPOLY1305_SSE2=y >> CONFIG_CRYPTO_NHPOLY1305_AVX2=y >> CONFIG_CRYPTO_ESSIV=y >> CONFIG_CRYPTO_HMAC=y >> CONFIG_CRYPTO_CRC32C=y >> CONFIG_CRYPTO_XXHASH=y >> CONFIG_CRYPTO_BLAKE2B=y >> CONFIG_CRYPTO_CRCT10DIF=y >> CONFIG_CRYPTO_MD5=y >> CONFIG_CRYPTO_RMD128=y >> CONFIG_CRYPTO_RMD160=y >> CONFIG_CRYPTO_RMD256=y >> CONFIG_CRYPTO_RMD320=y >> CONFIG_CRYPTO_SHA1=y >> CONFIG_CRYPTO_SHA1_SSSE3=y >> CONFIG_CRYPTO_SHA256_SSSE3=y >> CONFIG_CRYPTO_SHA512_SSSE3=y >> CONFIG_CRYPTO_SHA256=y >> CONFIG_CRYPTO_SHA512=y >> CONFIG_CRYPTO_WP512=y >> CONFIG_CRYPTO_AES=y >> CONFIG_CRYPTO_AES_TI=y >> CONFIG_CRYPTO_ARC4=y >> CONFIG_CRYPTO_BLOWFISH=y >> CONFIG_CRYPTO_BLOWFISH_COMMON=y >> CONFIG_CRYPTO_BLOWFISH_X86_64=y >> CONFIG_CRYPTO_CAMELLIA=y >> CONFIG_CRYPTO_CAMELLIA_X86_64=y >> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y >> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y >> CONFIG_CRYPTO_DES=y >> CONFIG_CRYPTO_SERPENT=y >> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y >> CONFIG_CRYPTO_TWOFISH=y >> CONFIG_CRYPTO_TWOFISH_COMMON=y >> CONFIG_CRYPTO_TWOFISH_X86_64=y >> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y >> CONFIG_CRYPTO_ANSI_CPRNG=y >> CONFIG_CRYPTO_DRBG_MENU=y >> CONFIG_CRYPTO_DRBG_HMAC=y >> CONFIG_CRYPTO_DRBG=y >> CONFIG_CRYPTO_JITTERENTROPY=y >> CONFIG_CRYPTO_USER_API=y >> CONFIG_CRYPTO_USER_API_HASH=y >> CONFIG_CRYPTO_USER_API_SKCIPHER=y >> CONFIG_CRYPTO_USER_API_RNG=y >> CONFIG_CRYPTO_LIB_AES=y >> CONFIG_CRYPTO_LIB_ARC4=y >> CONFIG_CRYPTO_LIB_DES=y >> CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y >> CONFIG_CRYPTO_LIB_SHA256=y >> CONFIG_CRYPTO_HW=y >> root@fireball / # >> >> Just wanted to have a few extras. ROFL > A gentoo centric manual/howto: > > https://wiki.gentoo.org/wiki/Dm-crypt >
Thanks for both replies. I found one other Gentoo one but it was encrypting the whole thing, /boot and all, plus they used efi. I didn't find the one you linked too. First drive seems to have died. Got part way copying files and things got interesting. When checking smartctrl, it even puked on my keyboard. Drive only had a few hundred hours on it so maybe the drive was iffy from the start or that enclosure did damage somehow. Either way, drive two being tested. Running smartctrl test first and then restart from scratch and fill it up with files or something. Thanks much. Dale :-) :-)
