Commit
first run through all of the sections
1 parent 62f9711, commit f5de578
Showing 2 changed files with 144 additions and 29 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,21 @@ | ||
# Full Disk Encryption | ||
|
||
LUKS | ||
The source code for our LUKS initialisation process | ||
can be found [here][cryptpart]. After the disks are encrypted, two partitions | ||
are created on them: | ||
|
||
[GitHub repository](https://github.com/cloudfleet/blimp-engineroom) | ||
- the encrypted swap partition | ||
- the encrypted storage partition | ||
|
||
The storage partition is formatted as BTRFS, a copy-on-write filesystem, | ||
and two subvolumes are created on it: | ||
|
||
- a data storage subvolume - */opt/cloudfleet/data* | ||
- a Docker storage subvolume - */var/lib/docker* | ||
|
||
The encryption USB key has to be plugged into the Blimp when it is booting in | ||
order to decrypt these partitions for normal usage. After the boot procedure is | ||
finished, the user should remove the encryption USB key and keep it in a safe | ||
location to keep the data secure in case of Blimp theft. | ||
|
||
[cryptpart]: https://github.com/cloudfleet/blimp-engineroom/tree/master/bin/cryptpart "cryptpart" |
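Review bot: The closing paragraph (remove the USB key after boot "to keep the data secure in case of Blimp theft") should say that this only protects a Blimp that is powered off when it is taken: once the partitions are unlocked at boot they stay readable until shutdown, whether or not the key is still plugged in. I would add a sentence to that effect, and also document what the USB key holds and how a user recovers if it is lost or damaged, since the text says it has to be plugged in at every boot. Minor: replace the link text "here" with something descriptive such as "the cryptpart sources", and note that the `[cryptpart]` reference points at `tree/master`, so the linked code will drift away from what this page describes.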