Howdy, I think I got a old 3TB hard drive to work. After dd'ing it, redoing partitions and such, it seems to be working. Right now, I'm copying a bunch of data to it to see how it holds up. Oh, it's a PMR drive too. lol Once I'm pretty sure it is alive and working well, I want to play with encryption. At some point, I plan to encrypt /home. I found a bit of info with startpage but some is dated. This is one link that seems to be from this year, at least updated this year.
https://linoxide.com/linux-how-to/encrypt-linux-filesystem/ It seems like a nice one since it has commands and what it should look like when it is performing the commands. I like knowing what I'm doing sort of matches what the howto shows. It also seems to use LVM which I will be using as well. I think I can follow that and get a working encrypted storage. Later, I can attempt this on /home without doing it blind. I also have the options in the kernel as well. I'll post them at the bottom. I enabled quite a lot a while back. ;-) Is this a secure method or is there a more secure way? Is there any known issues with using this? Anyone here use this method? Keep in mind, LVM. BTFRS, SP?, may come later. One other question, can one change the password every once in a while? Or once set, you stuck with it from then on? If anyone has links to even better howtos, I'd love to check them out. Dale :-) :-) root@fireball / # zcat /proc/config.gz | grep crypt | grep =y CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_DM_CRYPT=y CONFIG_CRYPTO=y CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_KPP2=y CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=y CONFIG_CRYPTO_SIMD=y CONFIG_CRYPTO_GLUE_HELPER_X86=y CONFIG_CRYPTO_RSA=y CONFIG_CRYPTO_ECHAINIV=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_LRW=y CONFIG_CRYPTO_XTS=y CONFIG_CRYPTO_NHPOLY1305=y CONFIG_CRYPTO_NHPOLY1305_SSE2=y CONFIG_CRYPTO_NHPOLY1305_AVX2=y CONFIG_CRYPTO_ESSIV=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_CRC32C=y CONFIG_CRYPTO_XXHASH=y CONFIG_CRYPTO_BLAKE2B=y CONFIG_CRYPTO_CRCT10DIF=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_RMD128=y CONFIG_CRYPTO_RMD160=y CONFIG_CRYPTO_RMD256=y CONFIG_CRYPTO_RMD320=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=y CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_WP512=y CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_TI=y CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_BLOWFISH=y CONFIG_CRYPTO_BLOWFISH_COMMON=y CONFIG_CRYPTO_BLOWFISH_X86_64=y CONFIG_CRYPTO_CAMELLIA=y CONFIG_CRYPTO_CAMELLIA_X86_64=y CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_SERPENT=y CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y CONFIG_CRYPTO_TWOFISH=y CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y CONFIG_CRYPTO_ANSI_CPRNG=y CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_LIB_ARC4=y CONFIG_CRYPTO_LIB_DES=y CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y CONFIG_CRYPTO_LIB_SHA256=y CONFIG_CRYPTO_HW=y root@fireball / # Just wanted to have a few extras. ROFL
