User Tools

Site Tools


Switch to an encrypted home partition

<note warning>Backup everything on your home partition first !</note> As root:

umount /home
    # Get the /dev/sdXY associated to your /home, in my case /dev/sda6
# Make some noise, erase everything on /home
badblocks -c 10240 -s -w -t random -v /dev/sda6
# Encrypt the partition
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda6
    # Enter a Master key
cryptsetup luksAddKey /dev/sda6
    # Enter your user's password
# Unlock the partition
cryptsetup luksOpen /dev/sda6 home
    # Enter a key, doesn't matter which one
# Re-create the filesystem
mkfs.ext4 /dev/mapper/home

aptitude install libpam-mount

Edit the file /etc/security/pam_mount.conf.xml, add before the closing tag:

<volume fstype="crypt" path="/dev/sda6" mountpoint="/home" />

Edit the file /etc/fstab, comment the line for /home
/home/share/www/ · Last modified: 2019/12/25 15:40 (external edit)