When unlocking the block device you use a file by adding the '--header' parameter to your call to 'cryptsetup'.
If you have your detached header, you can overwrite the original header of the encrypted block device with random data.
Here is a lengthy and technical description of how to do it: https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_/boot_and_a_detached_LUKS_header_on_USB
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Separate header
Date: 2023-04-18 02:45 pm (UTC)If you have your detached header, you can overwrite the original header of the encrypted block device with random data.
Here is a lengthy and technical description of how to do it:
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_/boot_and_a_detached_LUKS_header_on_USB