Working with encrypted volumes

Learn how to configure an encrypted volume (or a disk or partition). Content that you write to such an adequately configured volume is transparently encrypted or decrypted depending on the I/O request.

Note: If you use an LVM configuration, apply the encryption on the physical volume level. That is, encrypt /dev/mapper/disk<n> and then add the encrypted volume to the LVM volume group.

Remember: In the context of this document, the term volume also stands for an entire disk, or a partition on a disk, or for any other block device in Linux® on Z and LinuxONE.

The documented tasks and scenarios in this publication focus on volumes formatted with LUKS2. A procedure how to work with volumes in plain mode is presented in Encrypting volumes without LUKS.