cryptsetup: update page; cryptsetup-{open,luksformat}: add page (#14153)

2024-10-16 09:23:22 +02:00
parent a539317252
commit 5802774ae0
3 changed files with 57 additions and 9 deletions
--- a/pages/linux/cryptsetup-open.md
+++ b/pages/linux/cryptsetup-open.md
@@ -0,0 +1,26 @@
+# cryptsetup open
+
+> Create a decrypted mapping of an encrypted volume.
+> Note: with TRIM enabled, minimal data leakage in form of freed block information, perhaps sufficient to determine the filesystem in use may occur.
+> However, you still most likely want to enable it, because the data inside is still safe and SSDs without TRIM will wear out faster.
+> More information: <https://manned.org/cryptsetup-open>.
+
+- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`:
+
+`cryptsetup open {{/dev/sdXY}} {{mapping_name}}`
+
+- Use a keyfile instead of a passphrase:
+
+`cryptsetup open --key-file {{path/to/file}} {{/dev/sdXY}} {{mapping_name}}`
+
+- Allow the use of TRIM on the device:
+
+`cryptsetup open --allow-discards {{/dev/sdXY}} {{mapping_name}}`
+
+- Write the `--allow-discards` option into the LUKS header (the option will then always be used when you open the device):
+
+`cryptsetup open --allow-discards --persistent {{/dev/sdXY}} {{mapping_name}}`
+
+- Open a LUKS volume and make the decrypted mapping read-only:
+
+`cryptsetup open --readonly {{/dev/sdXY}} {{mapping_name}}`