• Contact
  • Contact Us
  • Disclamer
  • Home 1
  • Home 2
  • Home 3
  • Privacy Policy
Friday, May 9, 2025
How VPS - How to use/setup VPS
  • Login
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Securing VPS/Servers Encryption

Full Disk Encryption

How VPS by How VPS
November 2, 2018
in Encryption, Securing VPS/Servers
0
0
SHARES
73
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Potential Drawbacks
  2. Getting Started
  3. Creating a Configuration Profile
  4. Enabling Full Disk Encryption
    1. Installing Debian and Mounting the Disks
    2. Configuring Debian
    3. Tidying Up
    4. Join our Community

Full Disk Encryption

Deprecated

This guide has been deprecated and is no longer being maintained.

Full disk encryption protects the information stored on your Linode’s disks by converting it into unreadable code that can only be deciphered by authorized individuals. Nearly everything on the disk is encrypted, including the swap space and temporary files. This guide will help you implement full disk encryption on a Linode running Debian 7 (Wheezy). You’ll learn how to:

  • Format and encrypt your disks
  • Install a base Debian 7 (Wheezy) system with debootstrap
  • Configure services and networking
  • Boot from the encrypted images

Potential Drawbacks

Full disk encryption does a great job of keeping your data secure, but there are a few caveats. To decrypt and mount the disk, you’ll need to enter the encryption passphrase in the console every time your Linode boots. And some Linode Manager tools may not work as expected if your disks are encrypted. You’ll need to manually resize your filesystem if you want to resize your disk. You’ll also need to implement your own backup solution since the Linode Backup Service can’t mount encrypted disks.

Getting Started

Ready to encrypt your Linode’s disks? Here’s how to prepare a Linode for full disk encryption:

  1. Create a new Linode in the data center of your choice.
  2. Make at least three unformatted / raw disks for your Linode. You’ll probably want to use the rest of your disk quota for your main disk.

    • A /boot image, which will be unencrypted. In most cases, 128-256MB will be suitable for /boot.
    • A swap image. You’ll need to choose an appropriate swap size based your particular needs.
    • A root image to store the files in the root of your filesystem.
  3. After you have created these disks, you’ll want to boot into Finnix from the Rescue tab. Ensure that your disks are attached as follows:

    • /boot xvda
    • swap xvdb
    • / xvdc

You’ve successfully created the disks for your Linode.

Creating a Configuration Profile

Next, you’ll need to create a configuration profile for the new Linode. Here’s how to do it:

  1. Create a new configuration profile in the Linode Manager.
  2. Select the pv-grub-x86_64 kernel from the Kernel menu.
  3. In the Block Device Assignment section, select the disks you created in the previous section of this guide.
  4. Disable the Automount devtmpfs and Distro Helper settings.
  5. Save the configuration profile.

Congratulations! You’re now ready to set up full disk encryption on your Linode.

Enabling Full Disk Encryption

Now you’re ready to enable full disk encryption on your Linode running Debian 7 (Wheezy). Here’s how to do it:

  1. Reboot into Finnix from the Rescue tab in the Linode Manager.
  2. Connect to LISH, which will allow you to access the Linode’s virtual console.
  3. Enter the following command to create an encrypted volume. You’ll be prompted for a passphrase. Make sure that you enter a very strong passphrase, and that you store the passphrase in a physically secure location. Or better yet, memorize the passphrase and don’t store it anywhere! :

    cryptsetup luksFormat /dev/xvdc
    

    Caution

    If you lose this passphrase your data will be irretrievable!

    Note

    You may receive a FATAL notice about loading a kernel module used for hardware crypto acceleration. This message can be safely ignored.
  4. Open this encrypted device for access by entering the following command. Enter your passphrase when prompted.

    cryptsetup luksOpen /dev/xvdc crypt-xvdc
    
  5. Create the file systems by entering the following commands, one by one. Use ext2 for /boot, and ext4 for /. :

    mke2fs /dev/xvda
    mke2fs -j /dev/mapper/crypt-xvdc
    
  6. Create and activate your swap partition by entering the following commands, one by one:

    cryptsetup -d /dev/urandom create crypt-swap /dev/xvdb
    mkswap /dev/mapper/crypt-swap
    swapon /dev/mapper/crypt-swap
    

    Note

    Swap will not persist through reboots, so a random key will be used to encrypt swap data.
  7. Mount the encrypted volume to make it writable by entering the following commands, one by one:

    mkdir mnt
    mount /dev/mapper/crypt-xvdc mnt/
    

You have successfully enabled full disk encryption, created the file systems, and mounted the encrypted volume.

Installing Debian and Mounting the Disks

Now it’s time to install Debian 7 (Wheezy) and mount the disks. Here’s how to do it:

  1. Use debootstrap to install a minimal Debian installation by entering the following command:

    debootstrap --arch=amd64  --include=openssh-server,vim,nano,cryptsetup wheezy mnt/
    
  2. Mount /dev/xvda and a few other things in preparation for changing root into the newly created Debian system, then changing root into the new install. Enter the following commands, one by one:

    mount /dev/xvda mnt/boot/
    mount -o bind /dev mnt/dev/
    mount -o bind /dev/pts/ mnt/dev/pts
    mount -t proc /proc/ mnt/proc/
    mount -t sysfs /sys/ mnt/sys/
    chroot mnt/ /bin/bash
    

You have successfully installed Debian and mounted the disks on your Linode.

Configuring Debian

Now that you’re “inside” the newly installed Debian system, you’ll need to make the following changes to create a system that boots and works correctly. Please follow these steps with care. Any error will mean your system will not boot! Here’s how to configure Debian:

  1. Edit /etc/crypttab to match the following:

    crypt-xvdc      /dev/xvdc               none            luks
    crypt-swap      /dev/xvdb               /dev/urandom    swap
    
  2. Edit /etc/fstab to match the following:

    /dev/xvda               /boot   ext2    defaults
    /dev/mapper/crypt-xvdc  /       ext4    noatime,errors=remount-ro
    /dev/mapper/crypt-swap  none    swap    sw
    proc                    /proc   proc    defaults
    
  3. Modify /etc/mtab by entering the following command:

    cat /proc/mounts > /etc/mtab
    
  4. Configure console access. Note that your console must be configured correctly to boot. Edit /etc/inittab and find the following line:

    0:2345:respawn:/sbin/getty 38400 tty1
    
  5. Change the line in /etc/inittab to match the following:

    0:2345:respawn:/sbin/getty 38400 hvc0
    
  6. Install a kernel and a bootloader, and then configure the bootloader to boot your kernel by entering the following commands, one by one:

    mkdir /boot/grub
    apt-get install grub-legacy
    apt-get install linux-image-amd64
    
  7. Locate the following line in /boot/grub/menu.lst:

    # kopt=root=/dev/mapper/crypt-xvdc ro
    
  8. Change the line in /boot/grub/menu.lst to match the following. This will allow update-grub to properly generate a new menu.lst when you update your kernel.

    # kopt=root=/dev/mapper/crypt-xvdc console=hvc0 ro
    
  9. Run update-grub and generate a new initramfs by entering the following commands, one by one:

    update-grub
    update-initramfs -u
    

You have successfully configured Debian for full disk encryption.

Tidying Up

You’re almost finished! Just a couple more steps and you’ll have a Linode with encrypted disks:

  1. You’ll need to make some changes to the structure in /boot due to the way pvgrub expects to see your boot disk. Enter the following commands, one by one:

    cd /boot
    mkdir boot/
    mv grub boot/
    ln -nfs boot/grub grub
    
  2. Set the password for the root user by entering the following command:

    passwd
    
  3. Configure networking by editing /etc/network/interfaces to match the following:

    auto lo eth0
    iface lo inet loopback
    iface eth0 inet dhcp
    
  4. Now exit chroot, unmount your disks, and reboot. You can do this by detaching the screen session and entering the “reboot” command in LISH:

    exit
    umount -l mnt/
    ^a^d
    reboot 1
    

If everything is configured properly your Linode will boot and prompt you for the encryption passphrase. Enter the passphrase on your console to mount your encrypted disk and boot your Linode. Now you’ll want to follow the steps in our Getting Started guide.

Join our Community

Find answers, ask questions, and help others.

This guide is published under a CC BY-ND 4.0 license.

Previous Post

11 Advanced Linux ‘Grep’ Commands on Character Classes and Bracket Expressions

Next Post

How to Extract Tar Files to Specific or Different Directory in Linux

Next Post

How to Extract Tar Files to Specific or Different Directory in Linux

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

Recent Post

Install Imagemagick on CentOS
CentOS

Install Imagemagick on CentOS

by How VPS
June 28, 2023
0

This is how I installed Imagemagick on a vanilla CentOS server Start off by installing the prerequisites yum install php-pear...

Read more
how to Check phpinfo

How to Check phpinfo of Hosting or VPS?

June 28, 2023
Failed to download metadata for repo 'appstream' on Centos 8

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

February 25, 2022
How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020

Recent News

  • Install Imagemagick on CentOS
  • How to Check phpinfo of Hosting or VPS?
  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

Category

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel
  • About
  • Advertise
  • Careers
  • Contact

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Thabet