{"id":8995,"date":"2026-04-26T20:08:58","date_gmt":"2026-04-26T11:08:58","guid":{"rendered":"https:\/\/hasu0707.duckdns.org\/blog\/?p=8995"},"modified":"2026-04-29T08:42:35","modified_gmt":"2026-04-28T23:42:35","slug":"luks-%ea%b8%b0%eb%b3%b8-%ec%9e%91%ec%97%85-%ec%84%a4%eb%aa%85","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=8995","title":{"rendered":"LUKS \uae30\ubcf8 \uc791\uc5c5 \uc124\uba85"},"content":{"rendered":"\n
01.LUKS \ud328\ud0a4\uc9c0 \uc124\uce58
# LUKS
apt -y install cryptsetup
apt -y install cryptsetup-initramfs
apt -y install systemd-cryptsetup

# iSCSI
apt -y install targetcli-fb

# Tang\/Clevis
apt -y install tang
apt -y install clevis
apt -y install clevis-luks
apt -y install clevis-dracut

# TPM 2.0
apt -y install systemd
apt -y install tpm2-tools

02.\ud544\uc694\ud55c \uacbd\uc6b0 C\/C++ \uac1c\ubc1c\ub3c4\uad6c \uc124\uce58
apt -y install build-essential
apt -y install autoconf automake cmake
apt -y install libmicrohttpd-dev
apt -y install libjansson-dev
apt -y install libgnutls28-dev
apt -y install uuid-dev
apt -y install samba
apt -y install ntfs-3g

03.LUKS \ud0a4 \uc0dd\uc131
mkdir -p \/etc\/cryptsetup-keys.d
chmod 700 \/etc\/cryptsetup-keys.d
# 4096\ube44\ud2b8 \ud0a4 \uc0dd\uc131
dd if=\/dev\/urandom of=\/etc\/cryptsetup-keys.d\/secure_ntfs.key bs=512 count=8
chmod 600 \/etc\/cryptsetup-keys.d\/secure_ntfs.key
chown root:root \/etc\/cryptsetup-keys.d\/secure_ntfs.key
ls -l \/etc\/cryptsetup-keys.d\/secure_ntfs.key

04.\ud30c\ud2f0\uc158 \ucd08\uae30\ud654 (\ud30c\ud2f0\uc158\uc740 \ubbf8\ub9ac \uc0dd\uc131\ub418\uc5b4 \uc788\uc5b4\uc57c \ud568)
wipefs --force -a \/dev\/sda4
dd if=\/dev\/zero of=\/dev\/sda4 bs=1M count=10

05.LUKS\ub85c \ud30c\ud2f0\uc158 \ucd08\uae30\ud654 \ud6c4 \ud655\uc778
cryptsetup luksFormat \\
  --batch-mode \\
  --type luks2 \\
  --cipher aes-xts-plain64 \\
  --key-size 512 \\
  --hash sha256 \\
  \/dev\/sda4 \/etc\/cryptsetup-keys.d\/secure_ntfs.key
cryptsetup luksDump \/dev\/sda4

06.LUKS header \ubc31\uc5c5
mkdir -p \/root\/luks-backup
cryptsetup luksHeaderBackup \/dev\/sda4 --header-backup-file \/root\/luks-backup\/header.img
cryptsetup luksDump \/dev\/sda4 > \/root\/luks-backup\/luks_dump.txt
blkid > \/root\/luks-backup\/blkid.txt
lsblk -f > \/root\/luks-backup\/lsblk.txt
cp \/etc\/crypttab \/root\/luks-backup\/
cp \/etc\/fstab \/root\/luks-backup\/
cp \/etc\/cryptsetup-keys.d\/secure_ntfs.key \/root\/luks-backup\/
  06-1.\ubcf5\uc6d0
  cryptsetup luksHeaderRestore \/dev\/sda4 --header-backup-file \/root\/luks-backup\/header.img

07.LUKS \ubcfc\ub968 \uc5f4\uae30
cryptsetup open \/dev\/sda4 secure_ntfs \\
  --key-file \/etc\/cryptsetup-keys.d\/secure_ntfs.key
ls -l \/dev\/mapper\/secure_ntfs
lsblk -f
  7-1.LUKS \ubcfc\ub968 \ub2eb\uae30
  cryptsetup close secure_ntfs

08.\ud30c\ud2f0\uc158 \ud3ec\ub9f7
mkfs.ntfs -f -L SECURE_NTFS \/dev\/mapper\/secure_ntfs
lsblk -f \/dev\/sda4

09.\ub9c8\uc6b4\ud2b8
mkdir -p \/mnt\/secure_ntfs
mount \/dev\/mapper\/secure_ntfs \/mnt\/secure_ntfs
df -hT \/mnt\/secure_ntfs

10.LUKS \ubcfc\ub968 \ub2eb\uae30 (\ud544\uc694\ud55c \uacbd\uc6b0\ub9cc)
umount \/mnt\/secure_ntfs
cryptsetup close secure_ntfs

11.\uc790\ub3d9 \ub9c8\uc6b4\ud2b8 \uc124\uc815
1) UUID \ud655\uc778
blkid \/dev\/sda4
blkid \/dev\/mapper\/secure_ntfs

2) \/etc\/crypttab \uc791\uc131
vi \/etc\/crypttab (UUID\ub294 \"blkid \/dev\/sda4\"\uc5d0 \ud3ec\ud568\ub41c UUID)
secure_ntfs UUID=8d9c74cb-a4ed-4657-89de-d4017e2fcea5 \/etc\/cryptsetup-keys.d\/secure_ntfs.key luks,nofail

3) \/etc\/fstab\uc5d0 \ucd94\uac00
vi \/etc\/fstab
\/dev\/mapper\/secure_ntfs \/mnt\/secure_ntfs ntfs3 defaults,nofail 0 0

4) \uc801\uc6a9
systemctl daemon-reexec
systemctl daemon-reload
#update-initramfs -u
cryptdisks_start secure_ntfs 2>\/dev\/null || true
mount -a<\/pre>\n\n\n\n
\n\n\n\n
#!\/usr\/bin\/env bash\nset -euo pipefail\n\n###########################################################\n#\n# LUKS \uc554\ud638\ud654 \uc2a4\ud06c\ub9bd\ud2b8\n#\n# by hasu0707@gmail.com\n#\n###########################################################\n\nusage() {\ncat <<'EOF'\nUsage:\n  .\/encrypt_disk.sh --name <crypt_name> --fs <ext4|ntfs> [--mount <mount_point>] [-f] <device>\n\nExample:\n  .\/encrypt_disk.sh --name secure_ntfs --fs ntfs \/dev\/sda4\n  .\/encrypt_disk.sh -f --name secure_ext4 --fs ext4 --mount \/secure \/dev\/sdb1\n\nOptions:\n  --name    cryptsetup mapper name\n  --fs      filesystem type: ext4 or ntfs\n  --mount   mount point, default: \/mnt\/<crypt_name>\n  -f        force mode, skip confirmation\n  -h        show this help\nEOF\n}\n\ndie() {\n  echo \"ERROR: $*\" >&2\n  exit 1\n}\n\ninfo() {\n  echo \"INFO: $*\"\n}\n\nrequire_root() {\n  # root \uad8c\ud55c\uc774 \uc544\ub2c8\uba74 \ub514\uc2a4\ud06c \ucd08\uae30\ud654, LUKS \uc0dd\uc131, fstab \uc218\uc815 \ub4f1\uc774 \ubd88\uac00\ub2a5\ud558\ubbc0\ub85c \uc911\ub2e8\n  [[ \"${EUID}\" -eq 0 ]] || die \"This script must be run as root.\"\n}\n\nparse_args() {\n  FORCE=0\n  CRYPT_NAME=\"\"\n  FS_TYPE=\"\"\n  MOUNT_POINT=\"\"\n  DEVICE=\"\"\n\n  # \uba85\ub839\ud589 \ud30c\ub77c\ubbf8\ud130 \ud30c\uc2f1\n  while [[ $# -gt 0 ]]; do\n    case \"$1\" in\n      --name)\n        CRYPT_NAME=\"${2:-}\"\n        shift 2\n        ;;\n      --fs)\n        FS_TYPE=\"${2:-}\"\n        shift 2\n        ;;\n      --mount)\n        MOUNT_POINT=\"${2:-}\"\n        shift 2\n        ;;\n      -f|--force)\n        FORCE=1\n        shift\n        ;;\n      -h|--help)\n        usage\n        exit 0\n        ;;\n      -*)\n        die \"Unknown option: $1\"\n        ;;\n      *)\n        DEVICE=\"$1\"\n        shift\n        ;;\n    esac\n  done\n\n  [[ -n \"$CRYPT_NAME\" ]] || die \"--name is required.\"\n  [[ -n \"$FS_TYPE\" ]] || die \"--fs is required.\"\n  [[ -n \"$DEVICE\" ]] || die \"Device is required.\"\n  [[ -b \"$DEVICE\" ]] || die \"Device does not exist or is not a block device: $DEVICE\"\n\n  [[ \"$FS_TYPE\" == \"ext4\" || \"$FS_TYPE\" == \"ntfs\" ]] || die \"--fs must be ext4 or ntfs.\"\n\n  # \ub9c8\uc6b4\ud2b8 \uacbd\ub85c\uac00 \uc9c0\uc815\ub418\uc9c0 \uc54a\uc73c\uba74 cryptsetup name \uae30\uc900\uc73c\ub85c \uae30\ubcf8 \uacbd\ub85c \uc124\uc815\n  if [[ -z \"$MOUNT_POINT\" ]]; then\n    MOUNT_POINT=\"\/mnt\/$CRYPT_NAME\"\n  fi\n}\n\ncheck_command() {\n  local cmd=\"$1\"\n\n  # \uba85\ub839\uc5b4 \uc874\uc7ac \uc5ec\ubd80 \uac80\uc0ac\n  command -v \"$cmd\" >\/dev\/null 2>&1 || die \"Required command not found: $cmd\"\n}\n\ncheck_package() {\n  local pkg=\"$1\"\n\n  # dpkg \uae30\uc900 \ud328\ud0a4\uc9c0 \uc124\uce58 \uc0c1\ud0dc \uac80\uc0ac\n  dpkg-query -W -f='${Status}' \"$pkg\" 2>\/dev\/null | grep -q \"install ok installed\" \\\n    || die \"Required package is not installed: $pkg\"\n}\n\ncheck_requirements() {\n  # \uacf5\ud1b5 \ud544\uc218 \uba85\ub839\uc5b4 \uac80\uc0ac\n  check_command wipefs\n  check_command dd\n  check_command blkid\n  check_command lsblk\n  check_command findmnt\n  check_command mount\n  check_command umount\n  check_command cryptsetup\n  check_command systemctl\n  check_command systemd-cryptsetup\n\n  # \uacf5\ud1b5 \ud544\uc218 \ud328\ud0a4\uc9c0 \uac80\uc0ac\n  check_package util-linux\n  check_package cryptsetup\n  check_package cryptsetup-initramfs\n  check_package systemd\n\n  # \ud30c\uc77c\uc2dc\uc2a4\ud15c\ubcc4 \ud544\uc218 \uba85\ub839\uc5b4 \ubc0f \ud328\ud0a4\uc9c0 \uac80\uc0ac\n  case \"$FS_TYPE\" in\n    ext4)\n      check_command mkfs.ext4\n      check_package e2fsprogs\n      ;;\n    ntfs)\n      check_command mkfs.ntfs\n      check_command ntfs-3g\n      check_package ntfs-3g\n      ;;\n  esac\n}\n\nconfirm_execution() {\n  # -f \uc635\uc158\uc774 \uc5c6\ub294 \uacbd\uc6b0 \ub300\ubb38\uc790 YES \uc785\ub825 \uc2dc\uc5d0\ub9cc \uc2e4\ud589\n  if [[ \"$FORCE\" -eq 1 ]]; then\n    return\n  fi\n\n  echo \"WARNING: This operation will permanently erase all data on: $DEVICE\"\n  echo \"Type YES to continue:\"\n  read -r answer\n\n  [[ \"$answer\" == \"YES\" ]] || die \"Confirmation failed. Aborted.\"\n}\n\nunmount_node() {\n  local node=\"$1\"\n  local targets\n\n  # \ud2b9\uc815 \ube14\ub85d \ub514\ubc14\uc774\uc2a4\uac00 \ub9c8\uc6b4\ud2b8\ub41c \uc704\uce58 \uc870\ud68c\n  mapfile -t targets < <(findmnt -rn -S \"$node\" -o TARGET 2>\/dev\/null || true)\n\n  for target in \"${targets[@]}\"; do\n    info \"Unmounting $target\"\n    umount \"$target\" || die \"Failed to unmount: $target\"\n  done\n}\n\nunmount_related_devices() {\n  local nodes\n\n  # \ud30c\ud2f0\uc158 \ub610\ub294 \ub514\uc2a4\ud06c \ud558\uc704 \ub514\ubc14\uc774\uc2a4\ub97c \uc5ed\uc21c\uc73c\ub85c \uc870\ud68c\ud558\uc5ec \ud558\uc704\ubd80\ud130 \uc5b8\ub9c8\uc6b4\ud2b8\n  mapfile -t nodes < <(lsblk -nrpo NAME \"$DEVICE\" | tac)\n\n  for node in \"${nodes[@]}\"; do\n    unmount_node \"$node\"\n  done\n}\n\nclose_existing_luks() {\n  # \ub3d9\uc77c\ud55c mapper name\uc774 \uc5f4\ub824 \uc788\uc73c\uba74 \uc6b0\uc120 \uc5b8\ub9c8\uc6b4\ud2b8 \ud6c4 close\n  if [[ -e \"\/dev\/mapper\/$CRYPT_NAME\" ]]; then\n    unmount_node \"\/dev\/mapper\/$CRYPT_NAME\"\n    info \"Closing existing mapper: $CRYPT_NAME\"\n    cryptsetup close \"$CRYPT_NAME\" || die \"Failed to close mapper: $CRYPT_NAME\"\n  fi\n\n  # \uc9c0\uc815 \ub514\ubc14\uc774\uc2a4 \ud558\uc704\uc5d0 \uc5f4\ub9b0 crypt \ud0c0\uc785 \ub9e4\ud551\uc774 \uc788\uc73c\uba74 \ubaa8\ub450 close\n  while read -r name type; do\n    if [[ \"$type\" == \"crypt\" ]]; then\n      local mapper_name\n      mapper_name=\"$(basename \"$name\")\"\n\n      unmount_node \"$name\"\n      info \"Closing existing LUKS mapper: $mapper_name\"\n      cryptsetup close \"$mapper_name\" || die \"Failed to close mapper: $mapper_name\"\n    fi\n  done < <(lsblk -nrpo NAME,TYPE \"$DEVICE\")\n}\n\nwipe_device() {\n  # \uc694\uad6c\uc0ac\ud56d\uc5d0 \ub530\ub77c wipefs\uc640 dd\ub97c \ubaa8\ub450 \uc218\ud589\ud558\uc5ec \uae30\uc874 \uc2dc\uadf8\ub2c8\ucc98\uc640 \ud5e4\ub354\ub97c \uc81c\uac70\n  info \"Wiping filesystem signatures on $DEVICE\"\n  wipefs -a \"$DEVICE\" || die \"wipefs failed.\"\n\n  info \"Overwriting the beginning of $DEVICE with zeroes\"\n  dd if=\/dev\/zero of=\"$DEVICE\" bs=1M count=64 conv=fsync status=progress \\\n    || die \"dd wipe failed.\"\n}\n\ncreate_luks_container() {\n  # LUKS UUID\ub97c \uc54c\uae30 \uc804\uc5d0\ub294 \uc784\uc2dc \ud0a4 \ud30c\uc77c \uc0dd\uc131\n  TMP_KEY=\"$(mktemp \/root\/luks-key.XXXXXX)\"\n  chmod 600 \"$TMP_KEY\"\n\n  # 4096\ubc14\uc774\ud2b8 \ud0a4 \ud30c\uc77c \uc0dd\uc131\n  info \"Generating 4096-byte key file\"\n  dd if=\/dev\/urandom of=\"$TMP_KEY\" bs=4096 count=1 status=none\n  chmod 400 \"$TMP_KEY\"\n\n  # \ud0a4 \ud30c\uc77c\uc744 \uc774\uc6a9\ud574 LUKS \ud3ec\ub9f7\n  info \"Formatting $DEVICE as LUKS\"\n  cryptsetup luksFormat \"$DEVICE\" \"$TMP_KEY\" --batch-mode \\\n    || die \"cryptsetup luksFormat failed.\"\n\n  # \ucd5c\uc885 LUKS UUID \uc870\ud68c\n  LUKS_UUID=\"$(cryptsetup luksUUID \"$DEVICE\")\"\n  [[ -n \"$LUKS_UUID\" ]] || die \"Failed to get LUKS UUID.\"\n\n  # \uc694\uad6c\uc0ac\ud56d\uc5d0 \ub9de\uac8c LUKS UUID \uae30\ubc18 \ud0a4 \ud30c\uc77c \uacbd\ub85c \uc0dd\uc131\n  KEY_FILE=\"\/etc\/cryptsetup-keys.d\/${LUKS_UUID}.key\"\n  install -d -m 700 \/etc\/cryptsetup-keys.d\n  mv \"$TMP_KEY\" \"$KEY_FILE\"\n  chmod 400 \"$KEY_FILE\"\n\n  # \uc0dd\uc131\ud55c LUKS \ucee8\ud14c\uc774\ub108 \uc624\ud508\n  info \"Opening LUKS container as $CRYPT_NAME\"\n  cryptsetup open \"$DEVICE\" \"$CRYPT_NAME\" --key-file \"$KEY_FILE\" \\\n    || die \"cryptsetup open failed.\"\n}\n\ncreate_filesystem() {\n  local mapper=\"\/dev\/mapper\/$CRYPT_NAME\"\n\n  # \uc120\ud0dd\ud55c \ud30c\uc77c\uc2dc\uc2a4\ud15c \ud0c0\uc785\uc5d0 \ub530\ub77c \ub0b4\ubd80 \ud30c\uc77c\uc2dc\uc2a4\ud15c \uc0dd\uc131\n  case \"$FS_TYPE\" in\n    ext4)\n      info \"Creating ext4 filesystem\"\n      mkfs.ext4 -F \"$mapper\" || die \"mkfs.ext4 failed.\"\n      FSTAB_TYPE=\"ext4\"\n      FSTAB_OPTIONS=\"defaults,nofail\"\n      FSTAB_PASS=\"2\"\n      ;;\n    ntfs)\n      info \"Creating NTFS filesystem\"\n      mkfs.ntfs -F -Q \"$mapper\" || die \"mkfs.ntfs failed.\"\n      FSTAB_TYPE=\"ntfs-3g\"\n      FSTAB_OPTIONS=\"defaults,nofail,uid=0,gid=0,umask=022\"\n      FSTAB_PASS=\"0\"\n      ;;\n  esac\n\n  # fstab\uc5d0\ub294 \ub0b4\ubd80 \ud30c\uc77c\uc2dc\uc2a4\ud15c UUID\ub97c \uc0ac\uc6a9\n  FS_UUID=\"$(blkid -s UUID -o value \"$mapper\")\"\n  [[ -n \"$FS_UUID\" ]] || die \"Failed to get filesystem UUID.\"\n}\n\ncreate_backup() {\n  BACKUP_DIR=\"\/var\/backup\/cryptsetup\/$LUKS_UUID\"\n  install -d -m 700 \"$BACKUP_DIR\"\n\n  info \"Creating backup files in $BACKUP_DIR\"\n\n  # LUKS \ud5e4\ub354 \ubc31\uc5c5\n  cryptsetup luksHeaderBackup \"$DEVICE\" \\\n    --header-backup-file \"$BACKUP_DIR\/luksHeader\"\n\n  # LUKS \uc815\ubcf4 \ubc0f \uc2dc\uc2a4\ud15c \ube14\ub85d \ub514\ubc14\uc774\uc2a4 \uc815\ubcf4 \ubc31\uc5c5\n  cryptsetup luksDump \"$DEVICE\" > \"$BACKUP_DIR\/luksDump\"\n  blkid > \"$BACKUP_DIR\/blkid.txt\"\n  lsblk -f > \"$BACKUP_DIR\/lsblk.txt\"\n\n  # \ubcc0\uacbd \uc804 \uc124\uc815 \ud30c\uc77c \ubc31\uc5c5\n  cp -a \/etc\/crypttab \"$BACKUP_DIR\/crypttab.before\" 2>\/dev\/null || true\n  cp -a \/etc\/fstab \"$BACKUP_DIR\/fstab.before\" 2>\/dev\/null || true\n}\n\nupdate_crypttab() {\n  local line\n  line=\"${CRYPT_NAME} UUID=${LUKS_UUID} ${KEY_FILE} luks\"\n\n  info \"Updating \/etc\/crypttab\"\n\n  touch \/etc\/crypttab\n\n  # \ub3d9\uc77c mapper name \ub610\ub294 \ub3d9\uc77c LUKS UUID\uac00 \uc788\uc73c\uba74 \uc911\ubcf5 \ubc29\uc9c0\ub97c \uc704\ud574 \uc81c\uac70\n  sed -i.bak \\\n    -e \"\/^${CRYPT_NAME}[[:space:]]\/d\" \\\n    -e \"\/UUID=${LUKS_UUID}[[:space:]]\/d\" \\\n    \/etc\/crypttab\n\n  echo \"$line\" >> \/etc\/crypttab\n}\n\nupdate_fstab() {\n  local line\n  line=\"UUID=${FS_UUID} ${MOUNT_POINT} ${FSTAB_TYPE} ${FSTAB_OPTIONS} 0 ${FSTAB_PASS}\"\n\n  info \"Updating \/etc\/fstab\"\n\n  install -d -m 755 \"$MOUNT_POINT\"\n  touch \/etc\/fstab\n\n  # \ub3d9\uc77c \ub9c8\uc6b4\ud2b8\ud3ec\uc778\ud2b8 \ub610\ub294 \ub3d9\uc77c \ud30c\uc77c\uc2dc\uc2a4\ud15c UUID\uac00 \uc788\uc73c\uba74 \uc911\ubcf5 \ubc29\uc9c0\ub97c \uc704\ud574 \uc81c\uac70\n  sed -i.bak \\\n    -e \"\\|[[:space:]]${MOUNT_POINT}[[:space:]]|d\" \\\n    -e \"\/^UUID=${FS_UUID}[[:space:]]\/d\" \\\n    \/etc\/fstab\n\n  echo \"$line\" >> \/etc\/fstab\n}\n\nbackup_final_configs() {\n  # \ubcc0\uacbd \uc644\ub8cc \ud6c4 \ucd5c\uc885 \uc124\uc815 \ud30c\uc77c \ubc31\uc5c5\n  cp -a \/etc\/crypttab \"$BACKUP_DIR\/crypttab\"\n  cp -a \/etc\/fstab \"$BACKUP_DIR\/fstab\"\n}\n\nreload_systemd() {\n  # crypttab\/fstab \ubcc0\uacbd \ud6c4 systemd generator \uacb0\uacfc\ub97c \uc989\uc2dc \ubc18\uc601\ud558\ub3c4\ub85d daemon reload\n  info \"Reloading systemd daemon\"\n  systemctl daemon-reload || die \"systemctl daemon-reload failed.\"\n}\n\nmount_volume() {\n  # fstab \uae30\uc900\uc73c\ub85c \ub9c8\uc6b4\ud2b8 \ud14c\uc2a4\ud2b8\n  info \"Mounting $MOUNT_POINT\"\n  mount \"$MOUNT_POINT\" || die \"Failed to mount: $MOUNT_POINT\"\n}\n\nupdate_initramfs_if_available() {\n  # cryptsetup-initramfs\uac00 \uc124\uce58\ub41c \ud658\uacbd\uc5d0\uc11c \ubd80\ud305 \ucd08\uae30 \ub2e8\uacc4 \ubc18\uc601\n  if command -v update-initramfs >\/dev\/null 2>&1; then\n    info \"Updating initramfs\"\n    update-initramfs -u || die \"update-initramfs failed.\"\n  fi\n}\n\nmain() {\n  if [[ $# -eq 0 ]]; then\n    usage\n    exit 1\n  fi\n\n  parse_args \"$@\"\n  require_root\n  check_requirements\n  confirm_execution\n\n  info \"Target device: $DEVICE\"\n  info \"Mapper name: $CRYPT_NAME\"\n  info \"Filesystem: $FS_TYPE\"\n  info \"Mount point: $MOUNT_POINT\"\n\n  unmount_related_devices\n  close_existing_luks\n  wipe_device\n  create_luks_container\n  create_filesystem\n  create_backup\n  update_crypttab\n  update_fstab\n  backup_final_configs\n  reload_systemd\n  mount_volume\n  update_initramfs_if_available\n\n  info \"Encryption completed successfully.\"\n  info \"LUKS UUID: $LUKS_UUID\"\n  info \"Filesystem UUID: $FS_UUID\"\n  info \"Key file: $KEY_FILE\"\n  info \"Backup directory: $BACKUP_DIR\"\n  info \"Mount point: $MOUNT_POINT\"\n}\n\nmain \"$@\"<\/pre>\n","protected":false},"excerpt":{"rendered":"
01.LUKS \ud328\ud0a4\uc9c0 \uc124\uce58# LUKSapt -y install cryptsetupapt -y install cryptsetup-initramfsapt -y install systemd-cryptsetup# iSCSIapt -y install targetcli-fb# Tang\/Clevisapt -y install tangapt -y install clevisapt -y install clevis-luksapt -y install clevis-dracut# TPM 2.0apt -y install systemdapt -y install tpm2-tools02.\ud544\uc694\ud55c \uacbd\uc6b0 C\/C++ \uac1c\ubc1c\ub3c4\uad6c \uc124\uce58apt -y install build-essentialapt -y install autoconf automake cmakeapt -y install libmicrohttpd-devapt -y install […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12],"tags":[],"class_list":["post-8995","post","type-post","status-publish","format-standard","hentry","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8995"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8995\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}