Hi, I have Linux Fedora and as I wanted to get LUKS, I saw that I already have a partition with LUKS. Should I do it myself again, or is this okay? Apart from that, there is the “unlocked” symbol. What does that mean? When I try to lock it, it says “Error Unmounting Filesystem” because it is “busy”.
My other question is that I have already set a passphrase and apparently I have a LUKS partition. How do I access this partition now? Because in my Files I only have my normal folders. I’m not seeing LUKS.
Hi, thank you!
Is it safer or less safe than the method with having a LUKS partition? When I boot Fedora, I have to enter a passphrase to get to my account and log in by the way, this could prove that it is a full disk encryption. However, when I click on “Disks” in the menu, there are 2 small and 2 big partitions, and only one of those two partitions is called LUKS.
I also saw that there seems to be no data on the partition called LUKS, just on the other big partition.
If my full disk is indeed encrypted, is it possible at all to create another LUKS partition within it? I just want to maximize the security.
I hope you can work with those information, thank you very much for helping me.
Having output of lsblk or at least screenshot of Disks would help here, but I’ll assume you have the default encrypted layout created by the Fedora installer, in this case you should see something like this (maybe with btrfs instead of LVM2 PV):
The LUKS partition contains all the data from your system. When you provide the passphrase during boot, it is unlocked: a new virtual device is created on top of it which Fedora uses to access the encrypted data. If you read from the device, the data you want to read is first decrypted and then returned to the application. This allows the system to work with encrypted data without actually needing to support encryption on the user space level.
The unlocked symbol basically means what I described above. You can’t lock the LUKS partition because it is currently used (= busy), your system is running from that, your data is stored there. It will be locked during shut down.
Theoretically this is possible (with LVM, not with Btrfs) but it doesn’t bring additional security, everything on your disk is encrypted, it doesn’t make sense to encrypt encrypted data. If you are looking for some sort of deniable encryption, you need Veracrypt to create a hidden volume, LUKS/cryptsetup doesn’t support this.