SSD/HDD, encryption LUKS+LUKS2+root?

nicknick · November 11, 2024, 8:16pm

Hi friends.

I’m trying to encrypt my hard drive with KDE Partition Manager on EOS.

Does anyone know if I should check LUKS, LUKS2 or both? If I check both, will I get double encryption?

Also, under “permissions”, what exactly is the difference between “everyone” and “only root”?

If I check “everyone” does that mean I can access this SSD/HDD from another PC just by entering the encryption password?

And if I check “only root”, does that mean I can only access this SSD/HDD from this PC only and not from another PC?

I can’t figure out the difference, I tried testing with “only root” but I can’t seem to access the SSD.

Thanks in advance.

dalto · November 11, 2024, 8:24pm

You will not get double encryption. If you check both you will get luks2 encryption, if you only check the first box, you will get luks1.

It is best to select “Only root” and then change the ownership after it is formatted and mounted.

nicknick · November 12, 2024, 8:21pm

Thanks!

So, LUKS 1 and LUKS 2 is a bit of a design flaw, as it should let you select just 1, like when you select “everyone” or “only root”, I mean, it would be less confusing, but it’s not a big deal xD

Sorry, my English is pretty bad, I didn’t understand this. I already formatted the hard drive. When I mount the SSD it asks me for the encryption password, and then my EOS user password, but after I enter the 2 passwords correctly, I get this:

What do I have to do next? I’m the only user of my EOS, so I’m the admin-ownership, if I’m not mistaken.

dalto · November 12, 2024, 9:12pm

Can you share the output of findmnt --real

mbod · November 12, 2024, 9:31pm

Both does not make sense and eventually ends up in LUKS2.

There is only one reason to select LUKS1. And that his grub. grub does not fully support LUKS2.
If you use grub and this is your boot drive and grub needs to open that device to boot from, you should use LUKS1. All other devices should be encrypted with LUKS2.

nicknick · November 13, 2024, 6:27pm

Sure! Here:

Thanks for the info friend! By the way, if I uncheck the “encypt with luks” checkbox both checkboxes will be hidden. So to get LUKS 2 I have to have the first one checked too.

dalto · November 13, 2024, 6:53pm

Please share it as text not a screenshot. Not only does it save bandwidth for the forum and our users, there is no way I am retyping that giant ID.

Yes, of course that is true. If you uncheck the first box, it means no encryption.

nicknick · November 13, 2024, 9:11pm

Yes sure, sorry, I hadn’t thought of that.

$ findmnt --real
TARGET                 SOURCE                            FSTYPE OPTIONS
/                      /dev/sda1                         ext4   rw,noatime
├─/run/user/1000/doc   portal                            fuse.p rw,nosuid,nodev,relatime,user_id=1000,group_id
└─/run/media/MAXTOR
                       /dev/mapper/luks-30928dd2-69e0-4fdb-91c1-3d7e5a5068a4
                                                         ext4   rw,nosuid,nodev,relatime,errors=remount-ro
$

dalto · November 13, 2024, 9:30pm

Try this:

sudo chown -R 1000:1000 /run/media/septem/MAXTOR

Don’t run that against any other directory. Running it somewhere else in the filesystem can cause serious problems.