LUKS encryption on root partition LVM

Latest response

Hello Team,

Greetings to you!

We have a requirement to encrypt the root partition using LUKS encryption.
We tried creating the LUKS and copied the root content again then added /etc/crypttab entry and rebuild using dracut -f command but during boot time it is again going into dracut shell. Is there any good article or steps which can take me to achieve this task. I am really new to RHEL and LVM so it is taking more time to understand the functionality. It will be great help in case if I get good solution to achieve this.

I am trying it with RHEL 8.

Thanks&Regards,
Gobi S.

Responses

Hi Gobi,

Eventually the information in these three articles/documents may help you. :)

Encrypting block devices using LUKS

Configuring LUKS: Linux Unified Key Setup

How to encrypt root partition and entire file system using LUKS in Linux

Regards,
Christian

Hi Christian,

Thanks for your docs provided in the other thread, Actually I have read those article and tried but I failed to do it. After long struggle, I could identify the issue.

As per the document it says we need to put grub entry like below GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet biosdevname=0 net.ifnames=0 rd.luks.uuid=luks-4c9b0973-407f-44e4-a91b-446014832ce6"

In this above example rd.luks.uuid given as rd.luks.uuid=luks-4c9b0973-407f-44e4-a91b-446014832ce6 this made confusion here, We should give only uuid not with luks-

I tried with below entry then I am able to get the LUKS working GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet biosdevname=0 net.ifnames=0 rd.luks.uuid=4c9b0973-407f-44e4-a91b-446014832ce6"

May be my understanding about the document was wrong else document needs to be corrected.

Just for your information.

Thanks for your support.

Regards. Gobi S.

You're welcome, Gobi ! Glad the documents were useful for you. :)

Regards,
Christian

Yes, you are right. That was a Typo. I have corrected it. You can feel free to correct such errors in the same article's comment section as that would help others facing similar problem