====== LUKS ======

^ add key | cryptsetup luksAddKey /dev/disk/by-partlabel/CRYPT |
^ close device | cryptsetup luksClose /dev/mapper/OPENEDCRYPT |

===== LVM on LUKS =====

==== format disk with LUKS and LVM ====
<code bash>
cryptsetup luksFormat -y /dev/disk/by-partlabel/CRYPTPART
cryptsetup luksOpen /dev/disk/by-partlabel/CRYPTPART LVMCRYPT
pvcreate /dev/mapper/LVMCRYPT
vgcreate CRYPT_DATA /dev/mapper/LVMCRYPT
lvcreate -n LVNAME -l100%VG CRYPT_DATA
mkfs.xfs /dev/mapper/LVNAME
</code>

==== resize LVM on LUKS ====
[[https://wiki.archlinux.org/index.php/Resizing_LVM-on-LUKS|Arch Wiki: Resizing LVM on LUKS]]

[[https://unix.stackexchange.com/questions/320957/extend-a-luks-encrypted-partition-to-fill-disk|Extend LUKS encrypted partition to fill entire disk]]

===== unlock with TPM =====
  * [[https://blog.dowhile0.org/2017/10/18/automatic-luks-volumes-unlocking-using-a-tpm2-chip/|Automatic LUKS volumes unlocking using a TPM2 chip]]

===== Troubleshooting =====
==== Command failed: Device busy on LVM ====
<code>vgchange -a n VOLGROUPNAME</code>

===== further reading =====
  * [[https://wiki.alpinelinux.org/wiki/LVM_on_LUKS|LVM on LUKS]] (Alpine Linux Wiki)