Cryptsetup

cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat /dev/sdX0

Or, with default option

cryptsetup luksFormat /dev/sdX0

cryptsetup luksOpen /dev/sdX0 rootfs
mkfs.ext4 /dev/mapper/rootfs
mount /dev/mapper/rootfs /mnt/rootfs

cryptsetup luksDump /dev/sdX0

umount /mmt/rootfs
cryptsetup luksClose rootfs

產生亂數金鑰

dd if=/dev/random of=/etc/data_volume_password bs=1024 count=4

加入 key slot

cryptsetup luksAddKey /dev/sdX /data_volume_password

移除 key slot

cryptsetup luksKillslot /dev/sdX 1

設定UUID

cryptsetup luksUUID /dev/sda1 --uuid "$newuuid"