1 00:00:00,000 --> 00:00:09,480 In this video, you'll learn about LUX disk encryption. 2 00:00:09,480 --> 00:00:10,880 So what is the purpose? 3 00:00:10,880 --> 00:00:15,680 The purpose is to ensure that if somebody finds your laptop and doesn't know your password, 4 00:00:15,680 --> 00:00:20,459 they don't just connect the laptop to their system and read all files on the disk. 5 00:00:20,459 --> 00:00:23,240 So how can you create a LUX encrypted partition? 6 00:00:23,240 --> 00:00:25,600 Well, first you create a partition. 7 00:00:25,600 --> 00:00:30,760 Then you use Cryptsetup LUX format, which will format the partition as a LUX device. 8 00:00:30,760 --> 00:00:35,560 Next, Cryptsetup LUX open will open it and create a device mapper name. 9 00:00:35,560 --> 00:00:39,400 And then you can mount the resulting device mapper name. 10 00:00:39,400 --> 00:00:45,919 If you want to automate the Cryptsetup LUX open process, you can use ETC Crypt tab. 11 00:00:45,919 --> 00:00:52,279 And in ETC Crypt tab, you can specify different parameters on what exactly to do. 12 00:00:52,279 --> 00:00:57,279 Without ETC Crypt tab, you need to manually do a Cryptsetup LUX open. 13 00:00:57,279 --> 00:01:01,799 I will show you how to do it manually, because if you do have an ETC Crypt tab, you will 14 00:01:01,799 --> 00:01:07,839 be prompted for a LUX passphrase, unless you are going to set up a LUX authentication server, 15 00:01:07,839 --> 00:01:10,760 which is beyond the scope of Linux+. 16 00:01:10,760 --> 00:01:15,000 I don't want to have an ETC Crypt tab because I don't want to enter my passphrase every 17 00:01:15,000 --> 00:01:17,639 single time I'm rebooting. 18 00:01:17,639 --> 00:01:23,279 Now to automate mounting the volume, obviously, you use ETC FS tab. 19 00:01:23,279 --> 00:01:24,680 Let me show you. 20 00:01:24,680 --> 00:01:27,400 So to do this, I need a new partition. 21 00:01:27,400 --> 00:01:29,720 Let's start using LSB-LK. 22 00:01:29,720 --> 00:01:34,199 I think I still have logical partitions on NVMe 0 and 1. 23 00:01:34,199 --> 00:01:37,559 There we have partition 2, which is an extended partition. 24 00:01:37,559 --> 00:01:44,279 I can see that by the size of 1K, you only have that in an MBR extended partition. 25 00:01:44,279 --> 00:01:46,199 And we only have one gig in there. 26 00:01:46,199 --> 00:01:52,599 So I'm going to use fdisk on dev NVMe 0 and 1. 27 00:01:52,599 --> 00:01:56,959 Next I'm using N and it's telling me it's creating a logical partition. 28 00:01:56,959 --> 00:01:57,959 That is okay. 29 00:01:57,959 --> 00:02:07,959 And I make it two gigabytes using W. And now I have NVMe 0 and 1 P6. 30 00:02:07,959 --> 00:02:10,520 So I'm going to format the crypto layer. 31 00:02:10,520 --> 00:02:17,679 Script setup LUX format on dev NVMe 0 and 1 P6. 32 00:02:17,679 --> 00:02:19,839 And yes, I'm sure I want to do that. 33 00:02:19,839 --> 00:02:23,160 And next I need to enter my passphrase. 34 00:02:23,160 --> 00:02:27,119 This passphrase should be reasonable secure, otherwise you get an error message and you 35 00:02:27,119 --> 00:02:28,600 may try it again. 36 00:02:28,600 --> 00:02:32,039 So don't try password or anything obvious like that. 37 00:02:32,039 --> 00:02:34,839 So now the crypto layer has been formatted. 38 00:02:34,839 --> 00:02:45,360 And I can use script setup LUX open on dev NVMe 0 and 1 P6. 39 00:02:45,360 --> 00:02:50,160 And when I use LUX open, I also need to give it a device name. 40 00:02:50,160 --> 00:02:52,639 So I'm creating the device secret. 41 00:02:52,639 --> 00:02:55,800 Oh no, I'm doing it the wrong way around. 42 00:02:55,800 --> 00:02:59,679 You first need the device and then the device name. 43 00:02:59,679 --> 00:03:02,919 So that is asking for my passphrase. 44 00:03:02,919 --> 00:03:09,720 And once the device is open, I should see it in dev mapper directory. 45 00:03:09,720 --> 00:03:11,839 And there you can see dev mapper secret. 46 00:03:11,839 --> 00:03:13,479 That is my LUX device. 47 00:03:13,479 --> 00:03:20,759 And this is where I'm going to use mkfs.ext4 on dev mapper secret. 48 00:03:20,759 --> 00:03:25,720 And as I was mentioning, either you put it in fstab, but then you also need a crypt tab 49 00:03:25,720 --> 00:03:27,119 or you don't. 50 00:03:27,119 --> 00:03:28,399 And that's what I'm going to do. 51 00:03:28,399 --> 00:03:33,800 I don't need a crypt tab because I don't want to be entering this passphrase every time I'm booting.