How can I fingerprint a disk to check if it has been tampered with?

Question

An example is cold storage of backups that include an operating system with LUKS disk encryption. How can I know the disk hasn’t been tampered with before entering the LUKS passphrase? I am looking for something similar to openssl dgst -sha256 /path/to/file, but for a whole disk (USB storage). How about the same at the partition level?

score 4 · Accepted Answer · answered May 29 '19 at 14:30

4

Partitions are available as "files" too, so you can use the same tools :)

openssl dgst -sha256 /dev/mapper/whatever-your-luks-storage-is

answered May 29 '19 at 14:30

Dennis Kaarsemaker

19,277
2
44
70

score 1 · Answer 2 · answered May 29 '19 at 14:30

1

Something like can do the work:

dd if=/dev/disk_to_check|sha1sum

Of course you can change the hash algorithm to something else (sha256, sha3...)

answered May 29 '19 at 14:30

Romeo Ninov

5,263
4
20
26

How can I fingerprint a disk to check if it has been tampered with?

2 Answers2