Oracle Linux: Disk Encryption Using Network Based Key Services (NBDE) on Oracle Linux 8
(Doc ID 2686064.1)
Last updated on AUGUST 21, 2020
Linux OS - Version Oracle Linux 7.5 and later
How to create an encrypted XFS filesystem that's automatically unlocked at boot using clevis (client) and tang (server)
Based on https://oracle.github.io/linux-labs/NBDE/
- Linux Unified Key Setup (LUKS) is a disk encryption standard.
- Cryptsetup configures disk-based encryption and includes support for LUKS.
- Tang is a network service that provides cryptographic services over HTTP.
- Clevis is an encryption framework. Clevis can use keys provided by Tang as a passphrase to unlock LUKS volumes.
- The client, clevis, has to be Oracle Linux 8, as clevis on Oracle Linux 7 has limited functionality and requires a different set of commands, which are not covered in this document.
- The server, tang, can be run on Oracle Linux 7 or 8.
Note: the following is an example, so all certificates, keys and device names/UUIDs are fictional.
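The client-side flow described above (LUKS volume, clevis binding to tang, XFS on top, unlock at boot) can be sketched as follows. This is an added example, not the procedure from the Oracle document; the function names are hypothetical, and the device, mapping name, mount point and tang URL are placeholders passed as arguments.

```shell
#!/usr/bin/env bash
# Added example: NBDE client setup on Oracle Linux 8 with clevis and tang.
# Function names are hypothetical; all device names, mapping names, mount
# points and URLs are supplied by the caller (placeholders, not real systems).

# Build the configuration JSON for the clevis "tang" pin.
tang_pin_config() {   # args: tang-url
    printf '{"url":"%s"}' "$1"
}

# /etc/crypttab entry. "none" means no key file; "_netdev" delays the unlock
# until the network is up, because the key material is derived via tang.
crypttab_line() {     # args: mapping-name luks-uuid
    printf '%s UUID=%s none _netdev\n' "$1" "$2"
}

# /etc/fstab entry for the XFS filesystem on the unlocked mapping.
fstab_line() {        # args: mapping-name mount-point
    printf '/dev/mapper/%s %s xfs _netdev 0 0\n' "$1" "$2"
}

nbde_setup() {        # args: device mapping-name mount-point tang-url
    local dev="$1" name="$2" mnt="$3" url="$4" uuid
    cryptsetup luksFormat "$dev"          # prompts for the initial passphrase
    # Adds a second key slot bound to tang. clevis shows the tang signing-key
    # thumbprint and asks whether to trust it: compare it with the value taken
    # from the tang server out of band before answering yes.
    clevis luks bind -d "$dev" tang "$(tang_pin_config "$url")"
    cryptsetup open "$dev" "$name"
    mkfs.xfs "/dev/mapper/$name"
    uuid=$(cryptsetup luksUUID "$dev")
    crypttab_line "$name" "$uuid" >> /etc/crypttab
    fstab_line "$name" "$mnt" >> /etc/fstab
    mkdir -p "$mnt"
    # Lets clevis answer the boot-time passphrase prompt for non-root volumes.
    systemctl enable clevis-luks-askpass.path
    cryptsetup luksDump "$dev"            # review the key slots now in use
}

# Run only when called with all four arguments, as root, on the client.
if [ "$#" -eq 4 ]; then
    nbde_setup "$@"
fi
```

The original passphrase slot remains after binding, so the volume can still be unlocked manually if the tang server is unreachable.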