Introduction to LUKS
With LUKS in play, any Linux filesystem can be encrypted. There are some caveats that you should be aware of ahead of time.
Encrypting your data at rest (that is, everything stored on disk, SSD, or NVME) is not just a nice-to-have option, it’s almost assumed to be present depending on whom your target clientele may be. For discussion’s sake, let’s imply that the expected customer for your solution is a government entity. Most government customers (regardless of the country we are referring to) are mandated to have an exceptional level of security within whatever may be deployed within their walls. Their standards are significantly higher, as are their risks. It’s safe to say that disk encryption is assumed to be present. We shall cover how to implement some of these more stringent government security standards later in Chapter 13.
Crucial to the encryption process is an open source utility called cryptsetup. This relies on functionality...
