Lock Disk Device With LUKS

Cockpit administrators can use the Storage page in the web console to format a partition or volume with LUKS encryption.

What Do You Need?

  • The Cockpit web console must be installed and accessible.

    For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.

  • The cockpit-storaged package must be installed.

    Note:

    If the cockpit-storaged package isn't installed, see Install and Manage Add-on Applications.
  • Unmount all file systems on the device that you plan to encrypt.

    Note:

    You can re-encrypt encrypted devices while the devices are in use (change encryption key or algorithm) using the LUKS2 format. The LUKS1 format doesn't provide online re-encryption.
  • The block storage device must have a file system.
  • The name of the disk that contains the partition you want to encrypt must be visible to Cockpit and appear in the Drives table on the Storage page.
  • The name of the volume that contains the logical volume you want to encrypt must be visible to Cockpit and appear in the Devices table on the Storage page.
  • Back up the data on the partition or logical volume that you want to encrypt using LUKS. Formatting a partition or volume deletes all the data and sets up a new file system.
  • Administrator privileges.

Steps

Using the Cockpit web console, follow these steps to format and encrypt a host partition or logical volume with LUKS.

  1. In the Cockpit navigation pane, click Storage.

    The Storage page appears.

  2. In the Storage page, perform one of the following:
    • Select a drive from the Drives table:
      1. In the Storage [model name] page, navigate to the Partitions table.
      2. In the Partitions table, find the partition you want to format and then select Format from the actions menu.
    • Select a volume from the Devices table:
      1. In the Storage [volume group name] page, navigate to the Logical Volumes table.
      2. In the Logical Volumes table, find the volume entry that you want to format and then select Format from the actions menu.
  3. In the Format dialog, specify the following properties and then click Format.

    WARNING:

    Formatting deletes all the data and sets up a new file system.

    • Name: In the Name text box, enter a partition label to help users identify a partition.
    • Type: In the Type drop-down box, select a file system format type, for example:
      • XFS (recommended) – XFS is considered the high-performance, scalable file system format for disk devices on Oracle Linux systems.
      • EXT4 – EXT4 is a scalable extension of the EXT3 file system.
      • No File system – A no file system format causes the system to save data as one large body of data with no way to tell where any piece of data is found or how to review and retrieve it.
    • Overwrite: Select or clear the Overwrite checkbox. When selected, the deleted data is overwritten with zeros, making the deleted data unrecoverable.
    • Mount options: Select one or more mount point options.
    • Encryption (LUKS): In the Encryption drop-down list box, select one of the following options:
      • LUKS1 – LUKS1 provides a format compatible with earlier releases of Oracle Linux.
      • LUKS2 (recommended) – LUKS2 offers more flexible unlocking policies, stronger cryptography, and better compatibility with future enhancements.
      • No Encryption – Encryption protection isn't implemented.
    • Passphrase: In the Passphrase text box, specify a passphrase to be used to decrypt the partition and make the content accessible.
    • Confirm: In the Confirm text box, enter the passphrase that you entered in the Passphrase text box.
    • Store Passphrase: Select or clear the checkbox for Store Passphrase.
    • Encryption Options: In the Encryption Options text box, specify the required encryption options.