-
-
Notifications
You must be signed in to change notification settings - Fork 2
Arch Linux Disk Encryption
Mattscreative edited this page Dec 5, 2025
·
2 revisions
Complete beginner-friendly guide to disk encryption on Arch Linux, including LUKS encryption, encrypted swap, and encrypted installation.
Install tools:
# Install cryptsetup
sudo pacman -S cryptsetup
# Check version
cryptsetup --versionCreate encrypted partition:
# Encrypt partition
sudo cryptsetup luksFormat /dev/sda2
# Enter passphrase when promptedOpen encrypted device:
# Open encrypted partition
sudo cryptsetup open /dev/sda2 cryptroot
# Format
sudo mkfs.ext4 /dev/mapper/cryptroot
# Mount
sudo mount /dev/mapper/cryptroot /mntCreate encrypted swap:
# Create swap
sudo cryptsetup -d /dev/urandom open --type plain /dev/sda3 swap
# Format
sudo mkswap /dev/mapper/swap
# Enable
sudo swapon /dev/mapper/swapAdd to fstab:
# Edit fstab
sudo vim /etc/fstabAdd:
/dev/mapper/swap none swap sw 0 0
Mount encrypted disk:
# Open
sudo cryptsetup open /dev/sda2 cryptroot
# Mount
sudo mount /dev/mapper/cryptroot /mnt/dataConfigure auto-mount:
# Edit crypttab
sudo vim /etc/crypttabAdd:
cryptroot /dev/sda2 none luks
Update initramfs:
sudo mkinitcpio -PRecovery:
# Use keyfile
sudo cryptsetup luksAddKey /dev/sda2 /path/to/keyfileCheck device:
# List devices
lsblk
# Check LUKS header
sudo cryptsetup luksDump /dev/sda2This guide covered LUKS encryption, encrypted partitions, swap, and mounting.
- Arch Linux Security Configuration - Security
- Arch Linux Installation Guide - Installation
- ArchWiki Disk Encryption: https://wiki.archlinux.org/title/Dm-crypt
This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.