From LQWiki

Filesystem encryption in Linux allows you to encrypt all of the data on a drive using a password or other key. This allows for the protection of sensitive data in case of theft of a computer or disk. The technique is very flexible; for example, the encryption key can be kept on a USB Flash drive, with the contents protected by another passphrase.

Cryptoloop

The 'old', deprecated method in Linux is called cryptoloop, which is similar to the normal loop mounting method in Linux. It requires that the CryptoAPI and Cryptoloop options be enabled in your Linux kernel (the module is called 'cryptoloop', with a separate module for each cipher, which should be loaded automatically by cryptoloop). See the Disk Encryption HOWTO for install instructions.

dm-crypt

The 'new' method was created because there were several security problems with cryptoloop and the code wasn't considered clean. It is based on the existing device-mapper code in the 2.6 kernel and has been available in the kernel since version 2.6.4. The kernel config options needed are device mapper support and dm-crypt. Both options can be found under 'Device drivers', 'Multi-device support (RAID and LVM)' in the various kernel config frontends. Setting up dm-crypt is a bit more difficult than setting up cryptoloop. The programs cryptsetup [1] and cryptmount [2] can help with that.
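The following check is an added example, not part of the original wiki article: it reads a kernel config file and reports whether the two options dm-crypt needs are enabled, and whether the deprecated cryptoloop is still switched on. It assumes the kernel's Kconfig symbol names CONFIG_BLK_DEV_DM, CONFIG_DM_CRYPT and CONFIG_BLK_DEV_CRYPTOLOOP for the options described above; the function names and the config file paths in the comments are illustrative and vary by distribution.

```shell
#!/bin/sh
# Check a kernel config for the options dm-crypt needs.
# Usage on a real system (path is an assumption, varies by distribution):
#   dmcrypt_check "/boot/config-$(uname -r)"   or   dmcrypt_check /proc/config.gz

# kconfig_state FILE SYMBOL -> prints y (built in), m (module) or n (absent/off)
kconfig_state() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;   # e.g. /proc/config.gz
        *)    cat -- "$1" ;;
    esac | awk -F= -v sym="$2" '
        $1 == sym { state = $2 }    # "# CONFIG_X is not set" never matches
        END { if (state != "y" && state != "m") state = "n"; print state }'
}

# dmcrypt_check FILE -> prints a report; returns 0 only if both options are on
dmcrypt_check() {
    cfg=$1
    rc=0
    for sym in CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT; do
        st=$(kconfig_state "$cfg" "$sym")
        echo "$sym=$st"
        if [ "$st" = n ]; then rc=1; fi
    done
    # Cryptoloop is the deprecated method: report it, do not require it.
    st=$(kconfig_state "$cfg" CONFIG_BLK_DEV_CRYPTOLOOP)
    if [ "$st" != n ]; then
        echo "note: deprecated cryptoloop support is enabled ($st)"
    fi
    return "$rc"
}

# Constructed sample config, not taken from a real machine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
EOF
if dmcrypt_check "$sample"; then
    echo "dm-crypt: kernel support present"
else
    echo "dm-crypt: required kernel options missing"
fi
rm -f "$sample"
```

A state of m means the option is built as a module, so it still has to be loaded before a mapping can be created.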
