Security :: Linux Fedora Disk Encryption


Fedora 11 uses dm-crypt/LUKS to perform block-level encryption of a file system. LUKS (Linux Unified Key Setup) is a specification for block device encryption. It establishes an on-disk format for the data, as well as a passphrase/key management policy.

LUKS uses the kernel device mapper subsystem via the dm-crypt module. This arrangement provides a low-level mapping that handles encryption and decryption of the device's data. User-level operations such as creating and accessing encrypted devices are accomplished through the use of the cryptsetup utility.

During system startup you will be presented with a passphrase prompt. After the correct passphrase has been provided, the system will continue to boot normally. If you used different passphrases for multiple encrypted devices, you may need to enter more than one passphrase during startup. However, it's not essential to use different passphrases; one strong passphrase will suffice.

Note that, while dm-crypt/LUKS supports both keys and passphrases, the anaconda installer only supports the use of passphrases for creating and accessing encrypted block devices during installation.

Refer to section C of the latest Fedora Installation Guide for full information on the use of dm-crypt/LUKS.