Encrypting an Existing XFS Disk
In the following example, we create an XFS filesystem and then use hcl encrypt to register that filesystem with KeyControl. The example that follows shows how to do this in a single step using hcl add.

    # mkfs -t xfs /dev/sdc1
    meta-data=/dev/sdc1              isize=256    agcount=4, agsize=62436 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=0        finobt=0
    data     =                       bsize=4096   blocks=249744, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
    log      =internal log           bsize=4096   blocks=853, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    # mount | grep sdc1
    /dev/sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
    # cp /etc/* /mnt
    # find /mnt -type f -exec md5sum {} \; | md5sum
    5cf56f73de26edf599cb3a8c5887ebe0  -
    # umount /mnt
    # hcl encrypt /dev/sdc1
    All the data on /dev/sdc1 will be encrypted
    The cleartext data will be available on /dev/mapper/clear_sdc1
    This operation may take long time
    Do you want to proceed? (y/n) y
    total device size 998976 KB
    Processing: 100% Time left: 00:00:00
    rekey finished
    Completed encryption of /dev/sdc1 successfully
    # mount /dev/mapper/clear_sdc1 /mnt
    # mount | grep sdc1
    /dev/mapper/clear_sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
    # find /mnt -type f -exec md5sum {} \; | md5sum
    5cf56f73de26edf599cb3a8c5887ebe0  -

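The session above confirms that in-place encryption preserved the data by comparing an MD5 of the find output before and after. The shell functions below are an added example, not part of the HyTrust documentation: they make the same comparison with SHA-256 over a sorted manifest of relative paths, so the result does not depend on directory traversal order or on the mount point. The names tree_digest and verify_tree are hypothetical.

```shell
#!/bin/sh
# Added example: order-independent content digest of a mounted tree, for
# comparing a filesystem before and after in-place encryption.

# tree_digest DIR
# Prints one SHA-256 computed over a sorted manifest of per-file SHA-256
# hashes. Paths are recorded relative to DIR. Returns non-zero if DIR cannot
# be entered or if any file could not be hashed, so an unreadable file does
# not silently drop out of the comparison.
tree_digest() {
    dir=$1
    tmp=$(mktemp) || return 2
    # -xdev keeps find on this one filesystem.
    if ( cd "$dir" && find . -xdev -type f -exec sha256sum {} + ) > "$tmp"; then
        LC_ALL=C sort "$tmp" | sha256sum | cut -d ' ' -f 1
        rc=0
    else
        echo "tree_digest: could not hash every file under $dir" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# verify_tree DIR EXPECTED
# Succeeds only if DIR currently hashes to EXPECTED.
verify_tree() {
    actual=$(tree_digest "$1") || return 2
    [ "$actual" = "$2" ]
}

# Usage around the commands shown on this page (device and mount point as in
# the session above):
#   before=$(tree_digest /mnt)
#   umount /mnt
#   hcl encrypt /dev/sdc1
#   mount /dev/mapper/clear_sdc1 /mnt
#   verify_tree /mnt "$before" && echo "contents unchanged"
```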
Adding a New Disk with XFS
In the following example, we use hcl add to create an XFS filesystem on the disk and then register the disk with KeyControl.

    # hcl add -F xfs /dev/sdc1
    /dev/sdc1 (/dev/sdc1) appears to contain an existing filesystem (ext3)
    Do you want to proceed? (y/n) y
    WARNING: This operation will destroy the contents of the disk.
    If you wish to preserve them, run "hcl encrypt" instead.
    Do you want to proceed? (y/n) y
    In case of error remove the disk using "hcl rm" and run "hcl add" again
    Encrypted device sdc1 (/dev/sdc1) attached; decrypted contents visible at /dev/mapper/clear_sdc1
    Creating file system xfs on /dev/mapper/clear_sdc1
    --------------------------------------------------------------------------------
    meta-data=/dev/mapper/clear_sdc1 isize=256    agcount=4, agsize=62436 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=0        finobt=0
    data     =                       bsize=4096   blocks=249744, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
    log      =internal log           bsize=4096   blocks=853, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    -----------------------------------------------------------------------
    # mount /dev/mapper/clear_sdc1 /mnt
    # mount | grep sdc1
    /dev/mapper/clear_sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota)