例如,这会在/dev/sda 上创建 1 个分区,作为/dev/sda1,它被转换为 LUKS 容器,该容器进一步分区为 2 个子分区:
sgdisk -Z /dev/sda
sgdisk -n 1:0:0 -t 1:8300 -c 1:"Test Partition" /dev/sda
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 1000 --use-urandom luksFormat /dev/sda1
cryptsetup luksOpen --allow-discards "test_encrypted"
sgdisk -Z /dev/mapper/test_encrypted
sgdisk -n 1:0:+6GB -t 1:8300 -c 1:"sub_test_1" /dev/mapper/test_encrypted
sgdisk -n 2:0:0 -t 2:8300 -c 2:"sub_test_2" /dev/mapper/test_encrypted
partprobe -s /dev/mapper/test_encrypted
lsblk
cryptsetup luksClose test_encrypted
尝试这样做,回馈:device-mapper: remove ioctl on test_encrypted failed: Device or resource busy,然后Device test_encrypted is still in use.
子分区有效,但是一旦 partprobe 向内核报告了子分区,就无法再关闭它了。
>kpartx允许删除带有-d参数的分区映射。如果partprobe无法支持此功能,我建议改用它。