Week 19 - Encryption at Rest: LUKS, dm-crypt, dm-verity¶

19.1 Conceptual Core¶

LUKS (Linux Unified Key Setup) is the standard for full-disk encryption: a header at the start of a block device contains key-slots (each protected by a passphrase or keyfile), which unlock a master key, which is used by dm-crypt to en/decrypt block I/O.
dm-verity provides integrity (not confidentiality) for read-only filesystems via a Merkle tree. Used in Android, Fedora Silverblue, and increasingly in container hosts.
fscrypt offers per-file encryption at the ext4/f2fs/UBIFS layer, with per-user keys.

LUKS2 header structure: binary header + JSON metadata + key-slot area. cryptsetup luksDump shows the metadata.
The chain: passphrase → Argon2id KDF → key-slot key → unlocks master volume key → dm-crypt encrypts/decrypts with AES-XTS (default).
Key management:
Multiple key slots (8 by default in LUKS2). Add/remove with cryptsetup luksAddKey/luksRemoveKey.
TPM2 binding: systemd-cryptenroll --tpm2-device=auto for unattended boot with measured-boot integrity.
YubiKey FIDO2: systemd-cryptenroll --fido2-device=auto.
crypttab(5) for boot-time activation. systemd's generator translates it into units.

Create a LUKS2 volume on a spare disk or loopback file.
Format with ext4. Mount.
Add a TPM2-bound key slot. Enroll a recovery passphrase.
Configure auto-unlock at boot via crypttab.
Simulate disk theft: dump the device contents; verify they are opaque without the key.

For laptops: enable LUKS with a strong passphrase + TPM2 + measured boot. For servers: TPM2 binding plus clevis + tang for network-bound disk encryption (auto-unlock only when the host can reach the key server).

Measure encryption overhead with fio: LUKS-encrypted vs plaintext. On modern CPUs with AES-NI, expect <5% throughput cost.