Pervasive Encryption for Data Volumes

This document describes an infrastructure for protected volume encryption which provides end-to-end protection for data at rest for Linux on Z and LinuxONE.

This publication provides required setup information and describes various scenarios that deal with the data management on the encrypted disks or partitions, with key management, and with tasks of backup, recovery, and migration.

It is assumed that you have knowledge about cryptographic applications and solution design, as well as the required cryptographic functions and algorithms.

This publication provides information that is based on the minimum level of required upstream features. Support in a particular Linux distribution might differ.

If your distribution does not include the features that are required for using the infrastructure for protected volume encryption to its full extent, you might have to install them manually.