Oracle Linux: Disk Encryption Using Network Based Key Services (NBDE) on Oracle Linux 8 (Doc ID 2686064.1)

Last updated on AUGUST 21, 2020

Applies to:

Linux OS - Version Oracle Linux 7.5 and later
Linux x86-64

Goal

How to create an encrypted XFS filesystem that is automatically unlocked at boot using Clevis (client) and Tang (server).

Based on https://oracle.github.io/linux-labs/NBDE/

Note: the procedure below is an example, so all certificates, keys, and device names/UUIDs are fictional.

Solution


In this Document
Goal
Solution
 Setup Tang Server
 Setup Clevis Client
 Create an encrypted filesystem
 Add a remote key to the encrypted device
 Mount the encrypted filesystem on boot
 Optional: Remove known passphrase
References
