C.4.4. 创建一个映射来允许访问设备中未加密的内容
要访问设备中未加密的内容,必须使用内核device-mapper
做个映射。
为映射起个有实际意义的名字是很有用的。LUKS为每个设备都提供了UUID(Universally Unique Identifier)。这个与设备名不同(例如/dev/sda3
),在LUKS头保持完好时,UUID会保持不变。使用以下命令查找LUKS设备的UUID:
cryptsetup luksUUID <device>
An example of a reliable, informative and unique mapping name would be luks-<uuid>
, where <uuid> is replaced with the device's LUKS UUID (eg: luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8
). This naming convention might seem unwieldy but is it not necessary to type it often.
cryptsetup luksOpen <device> <name>
There should now be a device node, /dev/mapper/<name>
, which represents the decrypted device. This block device can be read from and written to like any other unencrypted block device.
To see some information about the mapped device, use the following command:
dmsetup info <name>
提示
For more information, read the dmsetup(8)
man page.