User Tools

Site Tools


# Switch to an encrypted home partition

<note warning>Backup everything on your home partition first !</note> As root:

  umount /home
      # Get the /dev/sdXY associated to your /home, in my case /dev/sda6
  # Make some noise, erase everything on /home
  badblocks -c 10240 -s -w -t random -v /dev/sda6
  # Encrypt the partition
  cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda6
      # Enter a Master key
  cryptsetup luksAddKey /dev/sda6
      # Enter your user's password
  # Unlock the partition
  cryptsetup luksOpen /dev/sda6 home
      # Enter a key, doesn't matter which one
  # Re-create the filesystem
  mkfs.ext4 /dev/mapper/home
  aptitude install libpam-mount
  Edit the file /etc/security/pam_mount.conf.xml, add before the closing tag:
  <volume fstype="crypt" path="/dev/sda6" mountpoint="/home" />
  Edit the file /etc/fstab, comment the line for /home
/home/share/www/ · Last modified: 2023/11/24 21:55 by