# create partition (安装系统时,预留free空间) primary
sudo fdisk /dev/sda3
# encrypt the target partition;YES
# 会清理所有数据,谨慎!
sudo cryptsetup -y -v luksFormat /dev/sda3
# Creates a mapping alise backupSSD
sudo cryptsetup luksOpen /dev/sdd1 backupSSD
# Format PARTITION (很重要!!!)
sudo mkfs.ext4 /dev/mapper/backupSSD -L "Extra SSD 1TB"
# try mount
sudo mkdir /media/secure-ssd
sudo chown $USER:$USER /media/secure-ssd
sudo mount /dev/mapper/backupSSD /media/secure-ssd
# Modify /etc/fstab to auto mount
/dev/mapper/backupSSD /media/secure-ssd ext4 defaults 0 2
# Create a keyfile
sudo mkdir /root/.keyfiles
echo passwd > /root/.keyfiles/hdd-1.key
sudo dd if=/dev/urandom of=/root/.keyfiles/hdd-1.key bs=1024 count=4
sudo chmod 0400 /root/.keyfiles/hdd-1.key
# Set up a keyfile for the LUKS partition
sudo cryptsetup luksAddKey /dev/sdd1 /root/.keyfiles/hdd-1.key
# find uuid
sudo cryptsetup luksDump /dev/sdd1
# Modify line to /etc/crypttab if the keyfile has not been added
backupSSD UUID=4f942e15-ff00-4213-aab1-089448b17850 /root/.keyfiles/hdd-1.key luks,discard
reboot
参考于
https://dev-notes.eu/2020/12/LUKS-Encrypt-Hard-Drive-with-Cryptsetup-on-Ubuntu-20.04/