Linux-Based Disk Encryption
Disk encryption ensures that files are always stored on disk in an encrypted form. The files become available to the operating system and applications in readable form while the system is running and unlocked by a trusted user. An unauthorized user inspecting the contents of the disk directly finds garbled random-looking data instead of the actual files.
With user data encryption enabled, the /home directory in the file system is encrypted and user data is available when the system is running. The user /home partition is mounted on a separate disk partition and block-level encryption is enabled for that disk.
The NVIDIA implementation uses the dm-crypt kernel module, which is the standard device-mapper interface for encryption functionality provided by the Linux kernel. It is inserted between the disk driver and the file system to transparently encrypt and decrypt the data blocks.
Consult the Linux documentation on dm-crypt at: https://wiki.archlinux.org/index.php/Disk_encryption
The management of dm-crypt is performed with the dmsetup user-space utility.
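As an added example (not part of the original page or NVIDIA's tooling), the following shell function audits the crypt mappings that dmsetup reports, reading the output of `dmsetup table` on standard input. The mapping names, device numbers, key strings and the cipher and key-size policy are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit dm-crypt mappings listed by `dmsetup table` (read on stdin).
# dm-crypt table line, as printed with the mapping name prefixed:
#   name: start length crypt cipher key iv_offset device offset [#opts opts...]
audit_crypt_table() {
    awk '
    $4 != "crypt" { next }              # ignore linear, striped, etc.
    {
        name = $1; sub(/:$/, "", name)
        cipher = $5; key = $6
        if (key ~ /^:/) {               # ":<bytes>:<type>:<desc>" is a kernel keyring reference
            split(key, k, ":"); bits = k[2] * 8
        } else {
            bits = length(key) * 4      # hex string, 4 bits per digit
        }
        status = "OK"
        # Policy assumed for this example: AES-XTS with at least a 256-bit key.
        if (cipher !~ /^aes-xts-/ || bits < 256) status = "REVIEW"
        # dmsetup prints the key as zeros unless --showkeys was used, so a
        # non-zero hex key means this output contains real key material.
        if (key !~ /^:/ && key !~ /^0+$/) status = "KEY-EXPOSED"
        printf "%s %s %d %s\n", name, cipher, bits, status
    }'
}

# Constructed sample input (not captured from a real system).
sample_table() {
    z=0000000000000000; h=0123456789abcdef
    printf '%s\n' \
      "crypt_home: 0 41938944 crypt aes-xts-plain64 $z$z$z$z 0 259:5 4096 1 allow_discards" \
      "vg-root: 0 8388608 linear 259:3 2048" \
      "crypt_swap: 0 2097152 crypt aes-cbc-essiv:sha256 :32:logon:cryptsetup:constructed-d0 0 259:6 0" \
      "crypt_tmp: 0 2097152 crypt aes-xts-plain64 $h$h$h$h 0 259:7 0"
}

sample_table | audit_crypt_table
```

On a live system, run it as root with `dmsetup table --target crypt | audit_crypt_table`; a mapping for the /home partition should appear in the output with status OK.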