[Image description:
Screenshot of terminal output:

~ ❯ lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda              8:0    1  62.5M  0 disk  
└─topLuks      254:2    0  60.5M  0 crypt 
  └─bottomLuks 254:3    0  44.5M  0 crypt

/end image description]

I had no idea!

If anyone else is curious, it’s pretty much what you would expect:

cryptsetup -y -v luksFormat /dev/sda
cryptsetup open /dev/sda topLuks
cryptsetup -y -v luksFormat /dev/mapper/topLuks
cryptsetup open /dev/mapper/topLuks bottomLuks
lsblk

Then you can make a filesystem and mount it:

mkfs.ext4 /dev/mapper/bottomLuks
mount /dev/mapper/bottomLuks ~/mnt/embeddedLuksTest

I’ve tested putting files on it and then unmounting & re-encrypting it, and the files are indeed still there upon decrypting and re-mounting.

Again, sorry if this is not news to anyone else, but I didn’t realise this was possible before, and thought it was very cool when I found it out. Sharing in case other people didn’t know and also find it cool :)

  • Jawa@lemmy.world
    36 upvotes · 2 years ago

    You can also just split the password for a single LUKS into two parts and give one each to the two people :D

    • flashgnash@lemm.ee
      1 upvote · 2 years ago

      But then you know both parts of the password and so must be killed to keep the machine secure

      • Jawa@lemmy.world
        1 upvote · 2 years ago

        Ideally you would never have to because you just have the two people come up with their part of the password and then initialise the LUKS partition together. Sorta like a key ceremony
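
The single-volume alternative discussed in the replies above, sketched as an added example that is not part of the thread: each holder types their own part, and the two parts are combined into one key that is piped to cryptsetup on stdin. The combiner (length-prefixed SHA-256), the domain label and the function names are assumptions chosen for illustration; `/dev/sda` and `topLuks` are the names from the post.

```python
import getpass
import hashlib
import struct
import subprocess
import sys


def combine_parts(part_a: str, part_b: str) -> bytes:
    """Derive one LUKS passphrase from two independently chosen parts.

    Each part is length-prefixed before hashing, so ("ab", "c") and
    ("a", "bc") give different results, unlike plain concatenation.
    LUKS applies its own slow KDF to whatever it is given, so the single
    SHA-256 here is only a combiner, not the brute-force defence.
    """
    if not part_a or not part_b:
        raise ValueError("both holders must supply a non-empty part")
    h = hashlib.sha256(b"two-part-luks-v1")  # constructed domain label
    for part in (part_a, part_b):
        raw = part.encode("utf-8")
        h.update(struct.pack(">I", len(raw)) + raw)
    return h.hexdigest().encode("ascii")


def cryptsetup_argv(action: str, device: str, name: str = "") -> list[str]:
    """Build the cryptsetup command; '--key-file -' reads the key from stdin."""
    if action == "format":
        return ["cryptsetup", "--batch-mode", "luksFormat", "--key-file", "-", device]
    if action == "open":
        if not name:
            raise ValueError("open needs a mapping name")
        return ["cryptsetup", "open", "--key-file", "-", device, name]
    raise ValueError(f"unknown action: {action}")


def main() -> None:
    # Usage: script.py format /dev/sda   |   script.py open /dev/sda topLuks
    action, device, *rest = sys.argv[1:]
    argv = cryptsetup_argv(action, device, rest[0] if rest else "")
    # Each holder types their part at the same console, unseen by the other.
    key = combine_parts(getpass.getpass("Holder 1 part: "),
                        getpass.getpass("Holder 2 part: "))
    subprocess.run(argv, input=key, check=True)


if __name__ == "__main__":
    main()
```

Unlike the nested layout, the combined key exists in memory on the machine where both parts are typed, and both holders must be present at the same prompt every time the volume is opened.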