Example: Adding and Encrypting a Linux Disk with XFS
Tip: Depending on the size of the disk, the encryption process can take a long time to run. If the process is interrupted, you need to manually restart the process. We recommend you use the Linux nohup
or screen
command to avoid terminal-related interruptions during encryption.

In following example we create an XFS filesystem and then use hcl encrypt
to register that filesystem with KeyControl. The example that follows shows how to do this in a single step using hcl add
.
# mkfs -t xfs /dev/sdc1 meta-data=/dev/sdc1 isize=256 agcount=4, agsize=62436 blks = sectsz=512 attr=2, projid32bit=1 = crc=0 finobt=0 data = bsize=4096 blocks=249744, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=0 log =internal log bsize=4096 blocks=853, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 # mount | grep sdc1 /dev/sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota) # cp /etc/* /mnt # find /mnt -type f -exec md5sum {} \; | md5sum 5cf56f73de26edf599cb3a8c5887ebe0 - # umount /mnt # hcl encrypt /dev/sdc1 All the data on /dev/sdc1 will be encrypted The cleartext data will be available on /dev/mapper/clear_sdc1 This operation may take long time Do you want to proceed? (y/n) y total device size 998976 KB Processing: 100% Time left: 00:00:00 rekey finished Completed encryption of /dev/sdc1 successfully # mount /dev/mapper/clear_sdc1 /mnt # mount | grep sdc1 /dev/mapper/clear_sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota) # find /mnt -type f -exec md5sum {} \; | md5sum 5cf56f73de26edf599cb3a8c5887ebe0 -

In following example we use hcl add
to create an XFS filesystem on the disk and then register the disk with KeyControl.
# hcl add -F xfs /dev/sdc1 /dev/sdc1 (/dev/sdc1) appears to contain an existing filesystem (ext3) Do you want to proceed? (y/n) y WARNING: This operation will destroy the contents of the disk. If you wish to preserve them, run "hcl encrypt" instead. Do you want to proceed? (y/n) y In case of error remove the disk using "hcl rm" and run "hcl add" again Encrypted device sdc1 (/dev/sdc1) attached; decrypted contents visible at /dev/mapper/clear_sdc1 Creating file system xfs on /dev/mapper/clear_sdc1 -------------------------------------------------------------------------------- meta-data=/dev/mapper/clear_sdc1 isize=256 agcount=4, agsize=62436 blks = sectsz=512 attr=2, projid32bit=1 = crc=0 finobt=0 data = bsize=4096 blocks=249744, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=0 log =internal log bsize=4096 blocks=853, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 ----------------------------------------------------------------------- # mount /dev/mapper/clear_sdc1 /mnt
Note: If the mkfs
command is done as part of the hcl add
command and it fails, then you will need to run it separately after resolving the issue. This must be done before you run the mount | grep sdc1
command.
# mount | grep sdc1 /dev/mapper/clear_sdc1 on /mnt type xfs (rw,relatime,seclabel,attr2,inode64,noquota)