Arch Linux Disk Encryption - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Arch Linux Disk Encryption Guide
Complete beginner-friendly guide to disk encryption on Arch Linux, including LUKS encryption, encrypted swap, and encrypted installation.
Table of Contents
LUKS Encryption
Install cryptsetup
Install tools:
# Install cryptsetup
sudo pacman -S cryptsetup
# Check version
cryptsetup --version
Encrypting Partitions
Encrypt Partition
Create encrypted partition:
# Encrypt partition
sudo cryptsetup luksFormat /dev/sda2
# Enter passphrase when prompted
Open Encrypted Partition
Open encrypted device:
# Open encrypted partition
sudo cryptsetup open /dev/sda2 cryptroot
# Format
sudo mkfs.ext4 /dev/mapper/cryptroot
# Mount
sudo mount /dev/mapper/cryptroot /mnt
Encrypted Swap
Encrypt Swap
Create encrypted swap:
# Create swap
sudo cryptsetup -d /dev/urandom open --type plain /dev/sda3 swap
# Format
sudo mkswap /dev/mapper/swap
# Enable
sudo swapon /dev/mapper/swap
Auto-Enable Encrypted Swap
Add to fstab:
# Edit fstab
sudo vim /etc/fstab
Add:
/dev/mapper/swap none swap sw 0 0
Mounting Encrypted Disks
Manual Mount
Mount encrypted disk:
# Open
sudo cryptsetup open /dev/sda2 cryptroot
# Mount
sudo mount /dev/mapper/cryptroot /mnt/data
Auto-Mount
Configure auto-mount:
# Edit crypttab
sudo vim /etc/crypttab
Add:
cryptroot /dev/sda2 none luks
Update initramfs:
sudo mkinitcpio -P
Troubleshooting
Forgot Password
Recovery:
# Use keyfile
sudo cryptsetup luksAddKey /dev/sda2 /path/to/keyfile
Disk Not Opening
Check device:
# List devices
lsblk
# Check LUKS header
sudo cryptsetup luksDump /dev/sda2
Summary
This guide covered LUKS encryption, encrypted partitions, swap, and mounting.
Next Steps
- Arch Linux Security Configuration - Security
- Arch Linux Installation Guide - Installation
- ArchWiki Disk Encryption: https://wiki.archlinux.org/title/Dm-crypt
This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.