Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Network-Based LUKS Volume Decryption with Tang

USENIX via YouTube

Overview

Explore network-based LUKS volume decryption using Tang in this LISA16 conference talk. Learn how to securely unlock encrypted server volumes at boot without admin interaction, addressing the challenges of managing encrypted systems at scale. Discover a solution that maintains data security while allowing automated decryption in secured environments. Gain insights into Tang API, LUKS volume encryption and layout, Clevis automated encryption framework, and the step-by-step process of setting up and implementing this system. Understand the differences between server and laptop encryption use-cases, and how this approach can protect data even when disks are accessed by third parties or in cloud environments.

Syllabus

Intro
USE CASE
BUT... DATA CENTERS ARE COMPLEX BEASTS
WHAT I DON'T WANT
ENVIRONMENT DEPENDENT DECRYPTION
TANG AND CLEVIS
TANG API
LUKS VOLUME ENCRYPTION
LUKS VOLUME LAYOUT
CLEVIS AUTOMATED ENCRYPTION FRAMEWORK
CLEVIS LUKS SETUP CLEVIS LUKS-BINO COMMAND BREAKDOWN
CLEVIS LUKS-BIND CLEVIS ENCRYPT
KEY RECOVERY
TANG SERVER INSTALL
TANG SERVER KEYS
CLEVIS SETUP INSTALLATION
SETUP AND TRUST
CLEVIS INITIALIZE LUKS METADATA
CLEVIS ADD LUKS KEY
FINAL STEP

Taught by

USENIX

Reviews

Start your review of Network-Based LUKS Volume Decryption with Tang

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.