[Image description:
Screenshot of terminal output:
~ ❯ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 1 62.5M 0 disk
└─topLuks 254:2 0 60.5M 0 crypt
└─bottomLuks 254:3 0 44.5M 0 crypt
/end image description]
I had no idea!
If anyone else is curious, it’s pretty much what you would expect:
cryptsetup -y -v luksFormat /dev/sda
cryptsetup open /dev/sda topLuks
cryptsetup -y -v luksFormat /dev/mapper/topLuks
cryptsetup open /dev/mapper/topLuks bottomLuks
lsblk
Then you can make a filesystem and mount it:
mkfs.ext4 /dev/mapper/bottomLuks
mount /dev/mapper/bottomLuks ~/mnt/embeddedLuksTest
I’ve tested putting files on it and then unmounting & re-encrypting it, and the files are indeed still there upon decrypting and re-mounting.
Again, sorry if this is not news to anyone else, but I didn’t realise this was possible before, and thought it was very cool when I found it out. Sharing in case other people didn’t know and also find it cool :)
Of course, and you can also add on as many layers of LVM and MDADM as you’d like.
You can also do the same with disk images (including sparse images)
Above and/or below LUKS!
So these days I use LVMRAID instead of mdraid. Underneath it uses mdraid but it’s a bit easier to use since it’s self-contained in LVM.