Linux Unified Key Setup
How To Linux Hard Disk Encryption With LUKS
cees@laptop01:~$ sudo dmesg | tail -n 15
[82233.627809] usb 1-2: New USB device found, idVendor=04e8, idProduct=1f08, bcdDevice= 0.00
[82233.627819] usb 1-2: New USB device strings: Mfr=1, Product=11, SerialNumber=3
[82233.627824] usb 1-2: Product: Samsung S2 Portable
[82233.627828] usb 1-2: Manufacturer: JMicron
[82233.627831] usb 1-2: SerialNumber: 00000011E09310500693
[82233.632400] usb-storage 1-2:1.0: USB Mass Storage device detected
[82233.632596] scsi host1: usb-storage 1-2:1.0
[82234.699077] scsi 1:0:0:0: Direct-Access Samsung S2 Portable PQ: 0 ANSI: 2 CCS
[82234.699944] sd 1:0:0:0: Attached scsi generic sg2 type 0
[82234.730742] sd 1:0:0:0: [sdc] 1953525168 512-byte logical blocks: (1.00 TB/932 GiB)
[82234.731462] sd 1:0:0:0: [sdc] Write Protect is off
[82234.731469] sd 1:0:0:0: [sdc] Mode Sense: 3c 00 00 00
[82234.732043] sd 1:0:0:0: [sdc] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[82234.763145] sdc: sdc1
[82234.763318] sd 1:0:0:0: [sdc] Attached SCSI disk
Check correct drive before overwriting
cees@laptop01:~$ sudo fdisk -l
Disk /dev/nvme0n1: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: WD_BLACK SN770 1TB
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 041FB9BD-047D-4712-A7E9-69EB59D1D8FA
Device Start End Sectors Size Type
/dev/nvme0n1p1 2048 1230847 1228800 600M EFI System
/dev/nvme0n1p2 1230848 3327999 2097152 1G Linux extended boot
/dev/nvme0n1p3 3328000 1953523711 1950195712 929.9G Linux filesystem
Disk /dev/zram0: 8 GiB, 8589934592 bytes, 2097152 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk /dev/sdc: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: S2 Portable
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009b56a
Device Boot Start End Sectors Size Id Type
/dev/sdc1 2048 1953525167 1953523120 931.5G e8 unknown
Encrypt drive
This step destroys all data on the drive. Store the password somewhere safe, if you loose the password the data is lost forever.
cees@laptop01:~$ sudo cryptsetup -y -v luksFormat --type luks2 /dev/sdc
WARNING!
========
This will overwrite data on /dev/sdc irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sdc:
Verify passphrase:
Key slot 0 created.
Command successful.
Open encrypted drive
cees@laptop01:~$ sudo cryptsetup luksOpen /dev/sdc data01
Enter passphrase for /dev/sdc:
Check partition
cees@laptop01:~$ ls -l /dev/mapper/data01
lrwxrwxrwx. 1 root root 7 Sep 7 10:03 /dev/mapper/data01 -> ../dm-0
Zero partition
cees@laptop01:~$ date
Sun 7 Sep 10:22:37 CEST 2025
sudo dd if=/dev/zero of=/dev/mapper/data01 bs=256M status=progress
998043025408 bytes (998 GB, 930 GiB) copied, 358 s, 2.8 GB/s
dd: error writing '/dev/mapper/data01': No space left on device
3726+0 records in
3725+0 records out
1000188108800 bytes (1.0 TB, 931 GiB) copied, 362.514 s, 2.8 GB/s
cees@laptop01:~$ date
Sun 7 Sep 10:28:40 CEST 2025
Format partition ext4
cees@laptop01:~$ sudo mkfs -t ext4 -L data01 /dev/mapper/data01
mke2fs 1.47.2 (1-Jan-2025)
Creating filesystem with 244186550 4k blocks and 61046784 inodes
Filesystem UUID: 010753e1-a8ac-4ac4-a53b-0d726ee00a1e
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done