Linux-Based Disk Encryption

Disk encryption ensures that files are always stored on disk in an encrypted form. The files become available to the operating system and applications in readable form while the system is running and unlocked by a trusted user. An unauthorized user inspecting the contents of the disk directly finds garbled random-looking data instead of the actual files.

With user data encryption enabled, the /home directory is stored encrypted and its contents are available only while the system is running and unlocked. /home is mounted from a separate disk partition, and block-level encryption is enabled for that partition.

The NVIDIA implementation uses the dm-crypt kernel module, the Linux kernel's standard device-mapper target for block-level encryption. It sits between the disk driver and the file system and transparently encrypts blocks on the way to disk and decrypts them on the way back.

Consult the Linux documentation on dm-crypt at:

https://wiki.archlinux.org/index.php/Disk_encryption

dm-crypt mappings are created, inspected, and removed with the dmsetup user-space utility.
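As an added example (not part of this page and not NVIDIA's tooling), the script below parses the kind of line that `dmsetup table` prints for a crypt target and checks that the mapping backing /home really is a dm-crypt target with an approved cipher. The field order (`start length crypt cipher key iv_offset device offset [options]`) is the documented dm-crypt table format; the sample lines are constructed, and the mapping name `home_crypt` is a hypothetical placeholder for whatever name the device is created under.

```shell
#!/bin/sh
# Constructed samples of `dmsetup table` output (not captured from a real device).
# dmsetup masks the key with zeros unless --showkeys is given, so the zero key is
# what an administrator normally sees.
SAMPLE_KEY=$(printf '%0128d' 0)   # 128 hex digits = 512-bit XTS key (AES-256 + tweak key)
SAMPLE_CRYPT_TABLE="0 20971520 crypt aes-xts-plain64 $SAMPLE_KEY 0 8:3 0 1 allow_discards"
SAMPLE_LINEAR_TABLE="0 20971520 linear 8:3 0"   # a plain, unencrypted mapping for comparison

# Print "cipher keybits backing-device" for a crypt table line.
# Returns 1 when the line does not describe a crypt target.
crypt_target_summary() {
    line=$1
    set -- $line            # split the table line into its fields
    [ "$3" = "crypt" ] || return 1
    cipher=$4
    key=$5
    keybits=$(( ${#key} * 4 ))   # one hex digit carries four bits
    dev=$7                       # backing block device (major:minor or path)
    printf '%s %s %s\n' "$cipher" "$keybits" "$dev"
}

# Return 0 when the line is a crypt target whose cipher is in the allowlist,
# 1 otherwise. The allowlist is a space-separated string such as
# "aes-xts-plain64 aes-cbc-essiv:sha256".
crypt_target_ok() {
    line=$1
    allowed=$2
    set -- $line
    [ "$3" = "crypt" ] || return 1
    for c in $allowed; do
        [ "$4" = "$c" ] && return 0
    done
    return 1
}

# Stand-alone demonstration on the constructed sample.
crypt_target_summary "$SAMPLE_CRYPT_TABLE"
# On a live system (as root), feed the real table for the /home mapping instead:
#   dmsetup table home_crypt | while read -r t; do crypt_target_summary "$t"; done
```

Note that the key length reported for an XTS cipher is the whole XTS key, so a 512-bit key means AES-256 in XTS mode, while a 256-bit key means AES-128; the check above is where a deployment would pin the expected cipher and key size.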