User Tools

Site Tools


Switch to an encrypted home partition

Backup everything on your home partition first !

As root:

umount /home
    # Get the /dev/sdXY associated to your /home, in my case /dev/sda6
# Make some noise, erase everything on /home
badblocks -c 10240 -s -w -t random -v /dev/sda6
# Encrypt the partition
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda6
    # Enter a Master key
cryptsetup luksAddKey /dev/sda6
    # Enter your user's password
# Unlock the partition
cryptsetup luksOpen /dev/sda6 home
    # Enter a key, doesn't matter which one
# Re-create the filesystem
mkfs.ext4 /dev/mapper/home

aptitude install libpam-mount

Edit the file /etc/security/pam_mount.conf.xml, add before the closing tag:

<volume fstype="crypt" path="/dev/sda6" mountpoint="/home" />

Edit the file /etc/fstab, comment the line for /home
Permalink linux/encrypted_home.txt · Last modified: 2015/08/21 11:17 by Hyde179