I want to use an existing LUKs excrypted partition as /home
Can the installer (in the Aug 2011 ISO) recognise LUKS encrypted partitions? I came across some references to problems with the old ISO.
If not, are there any known issues with installing on my (unencrypted) / parition and manually adding the crypttab and fstab entries to mount the encrypted partition (which is what I have done with various distros in the past)?
Does the installer now use LUKs encrypted partitions?
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
LMDE 2 has reached end of support as of 1-1-2019
-
graeme
Does the installer now use LUKs encrypted partitions?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
-
graeme
Re: Does the installer now use LUKs encrypted partitions?
I see from an earlier post that you want hibernate to work, so you have bit of extra config (possibly not if you use full disk encryption like Trye Crypt instead)
-
graeme
Re: Does the installer now use LUKs encrypted partitions?
The installer seemed to recognise my encrypted partition, but did not indicate it had recognised it as encrypted, so I played it safe and did it by editing fstab and crypttab.
-
TomRoche
Re: Does the installer now use LUKs encrypted partitions?
graeme wrote: did it by editing fstab and crypttab.
For the benefit of the newbies out there, could you be a bit more specific about what you did and when you did it?
-
graeme
Re: Does the installer now use LUKs encrypted partitions?
I already had a luks encrypted partition, so all I did was add:
to /etc/crypttab
and
to /etc/fstab
and commented out the existing line for /home in fstab
Obviously you can use UUIDs instead of /dev/sd[X] and you need to change the fs type if it is not ext3.
"home" in the first column of crypttab is an arbitrary name, but it must match the /dev/mapper/[name] in the first column of fstab
I do not have instructions on how to create the encrypted partition, but there are lots of tutorials on the net.
You probably want to encrypt your swap partition as well, if you use one.
If I was starting to encrypt now, I would definitely look at ecryptfs which encrypts at the file level. I think Mint supports it out of the box by offering encrypted user directories.
Code: Select all
home /dev/sda6 none luks,tries=3and
Code: Select all
/dev/mapper/home /home ext3 defaults 1 2and commented out the existing line for /home in fstab
Obviously you can use UUIDs instead of /dev/sd[X] and you need to change the fs type if it is not ext3.
"home" in the first column of crypttab is an arbitrary name, but it must match the /dev/mapper/[name] in the first column of fstab
I do not have instructions on how to create the encrypted partition, but there are lots of tutorials on the net.
You probably want to encrypt your swap partition as well, if you use one.
If I was starting to encrypt now, I would definitely look at ecryptfs which encrypts at the file level. I think Mint supports it out of the box by offering encrypted user directories.