Encrypt Block Devices With LUKS

Oracle Linux uses Linux Unified Key Setup (LUKS) to perform block device encryption. By default, the option to encrypt a disk with LUKS is disabled at installation. If the encryption option at installation is enabled, the system prompts for a passphrase every time you boot or mount the device. The passphrase is an encryption key that decrypts the partition or volume and makes the file system accessible.

Note:

Using Cockpit to configure LUKS on the root file system isn't supported.

Post installation, Cockpit administrators can use the web console to change the encryption passphrase or to format a disk partition or logical volume with or without LUKS encryption. For more information, see these topics: