Disk encryption (Aalto-Linux)
All Aalto Linux laptops are equipped with disk encryption that supports full-disk encryption.
Deploying of disk encryption requires performing a complete re-install on the computer.
If you make a re-install on a computer that is already in use, remember to transfer the files on the computer to a safe location because the entire disk will be erased during the installation.
1. If you want to install a computer, please contact the administrator or the IT service desk.
2. The computer will require the setting of a password after the installation and when the computer is powered up for the first time. Think of a good password because your selection will be a permanent one, in practice.
3. Enter the password twice and memorize it. Beware of using any uncommon special characters in your password. Ubuntu contains a long-standing and well-known bug that can change the keyboard layout between the time when the password is set and when it is prompted.
4. Once the password has been set successfully, it must be entered one more time to open the disk.
5. From here on, the computer will start in the usual manner.
Every time the computer is powered up, it will prompt for a disk encryption password before the start-up process continues.
Processing of keys (special cases)
Under normal circumstances, there is no need to touch the disk encryption passwords (keys).
You may need the instructions below in the following cases, for example:
- your project requires that there may not be a centralized (computer-specific) backup key
- it is necessary to add more keys for a laptop in shared use, for instance.
There can be a maximum of seven keys. Processing the keys requires root privileges.
Viewing the LUKS header
For example, with the command
it is displayed like this
Deleting a key
Below, <n> is slot number... the centralized spare key is in slot 1.
Below, <device> in Aalto-Linux is usually /dev/sda5, but it can be something else in exceptional cases.
Adding a key
Changing a key