Ubuntu encrypted home - lvm way

1. Create the LVM partition (sdaXX).
# fdisk /dev/sda
Then create one partition for root, one for swap, and use the rest for home.

2. Create the physical volume and the volume group (vg0, used in the next step).

# pvcreate /dev/sda3
# vgcreate vg0 /dev/sda3

3. Create logical volume
# lvcreate -n crypted-home -L 200G vg0
(you can leave free space if you want to be able to add additional partitions later)

4. Install needed tools
# aptitude -y install cryptsetup initramfs-tools hashalot lvm2
# modprobe dm-crypt
# modprobe dm-mod

5. Check for bad blocks (optional)
# /sbin/badblocks -c 10240 -s -w -t random -v /dev/vg0/crypted-home

6. Set up the crypted home partition with LUKS
# cryptsetup -y --cipher serpent-xts-essiv:sha256 --hash sha512 --key-size 512 -i 50000 luksFormat /dev/vg0/crypted-home
Confirm by typing YES in uppercase.

7. Open the created crypted partition
# cryptsetup luksOpen /dev/vg0/crypted-home home

8. Create filesystem on the crypted home device
# mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/home

9. Mount and copy home files.
# mount -t ext3 /dev/mapper/home /mnt
# cp -axv /home/* /mnt/
# umount /mnt

10. Set up the system to open and mount the crypted home.
Add to /etc/fstab:
#
/dev/mapper/home /home ext3 defaults 1 2

After that, add an entry in /etc/crypttab:

#
home /dev/vg0/crypted-home none luks
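
A consistency check for the two entries in step 10, as an added example that is not part of the original post. The function name and message prefixes are made up for illustration; it reports /dev/mapper mounts in fstab that have no matching luks entry in crypttab, entries that unlock from a key file, and backing devices that are mounted directly.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check fstab and crypttab.
# Assumes encrypted volumes appear in fstab as /dev/mapper/<name>, as in step 10;
# plain LVM volumes written as /dev/mapper/<vg>-<lv> would be reported too.

# check_crypt_mounts FSTAB CRYPTTAB
# Prints one line per problem; returns 0 only when no problem was found.
check_crypt_mounts() {
    fstab=$1; crypttab=$2; problems=0
    names=$(awk '$1 !~ /^#/ && $1 ~ /^\/dev\/mapper\// {
                     sub(/^\/dev\/mapper\//, "", $1); print $1 }' "$fstab")
    for name in $names; do
        entry=$(awk -v n="$name" '$1 == n { print; exit }' "$crypttab")
        if [ -z "$entry" ]; then
            echo "MISSING: $name is mounted in fstab but has no crypttab entry"
            problems=$((problems + 1)); continue
        fi
        set -- $entry      # $1=target  $2=source device  $3=key file  $4=options
        case ",$4," in
            *,luks,*) ;;
            *) echo "NOLUKS: $name lacks the luks option"; problems=$((problems + 1)) ;;
        esac
        case "$3" in
            none|-) ;;     # no key file: the passphrase is asked for at boot
            *) echo "KEYFILE: $name unlocks from $3; check where that file is stored"
               problems=$((problems + 1)) ;;
        esac
        # The backing device itself must never be mounted directly.
        if awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$fstab"; then
            echo "RAWMOUNT: $2 (backing device of $name) is listed in fstab"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample files holding the two entries from step 10.
demo=$(mktemp -d)
printf '%s\n' '#' '/dev/mapper/home /home ext3 defaults 1 2' > "$demo/fstab"
printf '%s\n' '#' 'home /dev/vg0/crypted-home none luks' > "$demo/crypttab"
check_crypt_mounts "$demo/fstab" "$demo/crypttab" && echo "fstab and crypttab agree"
```

On a real system, call it as `check_crypt_mounts /etc/fstab /etc/crypttab` before rebooting.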
