Ubuntu - How to use encrypted tmp partition

The answer is to recreate the encrypted tmp partition on every boot with a random key, since temporary data does not need to be kept.

Create a partition to store temporary data (/dev/sdaY in this example).

Edit the /etc/crypttab configuration file and add an entry similar to the following, so that the mapping uses a random key and an ext4 filesystem:

tempfs     /dev/sdaY /dev/urandom tmp=ext4,cipher=aes-cbc-essiv:sha256

Add an entry to the /etc/fstab configuration file so that it is mounted at boot time and not checked by fsck:

/dev/mapper/tempfs /tmp ext4 defaults 0 0

You can check the changes (without rebooting) by executing these commands:

$ sudo /etc/init.d/cryptdisks restart
 * Stopping remaining crypto disks...                                            
 * cryptswap1 (busy)...                                                          
 * tempfs (stopped)...                                                   [ OK ] 
 * Starting remaining crypto disks...                                            
 * cryptswap1 (running)...                                                       
 * tempfs (starting)..
 * tempfs (started)...                                                   [ OK ] 
$ sudo mount /tmp
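
One way to audit the two entries described above, as an added example that is not part of the original post: the function below (hypothetical name check_tmp_crypt) reads a crypttab and an fstab file and confirms that /tmp sits on a mapping keyed from a random device, with the tmp option set and fsck disabled. The sample files are constructed from the entries shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit crypttab and fstab for the
# random-key /tmp setup. Returns 0 only when every check passes.
check_tmp_crypt() {
    crypttab=$1; fstab=$2; rc=0
    # Device and fsck pass field of the /tmp mount (a missing field means 0).
    entry=$(awk '$1 !~ /^#/ && $2 == "/tmp" { print $1, ($6 == "" ? 0 : $6); exit }' "$fstab")
    [ -n "$entry" ] || { echo "FAIL: no /tmp entry in fstab"; return 1; }
    dev=${entry% *}; pass=${entry#* }
    case $dev in
        /dev/mapper/*) name=${dev#/dev/mapper/} ;;
        *) echo "FAIL: /tmp is on $dev, not a dm-crypt mapping"; return 1 ;;
    esac
    # The filesystem is recreated at every boot, so fsck has to be skipped.
    [ "$pass" = 0 ] || { echo "FAIL: fsck pass is $pass, expected 0"; rc=1; }
    # Key file and options of the matching crypttab mapping.
    line=$(awk -v n="$name" '$1 == n { print $3, $4; exit }' "$crypttab")
    [ -n "$line" ] || { echo "FAIL: mapping $name not in crypttab"; return 1; }
    key=${line% *}; opts=${line#* }
    # A random key source means the data is unrecoverable after shutdown.
    case $key in
        /dev/urandom|/dev/random) ;;
        *) echo "FAIL: key source is $key, not a random device"; rc=1 ;;
    esac
    # Without tmp (or tmp=<fstype>) no filesystem is created on the new mapping.
    case ",$opts," in
        *,tmp,*|*,tmp=*) ;;
        *) echo "FAIL: tmp option missing from crypttab options"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $name is a random-key /tmp mapping"
    return "$rc"
}

# Constructed sample files mirroring the entries in the post.
demo=$(mktemp -d)
echo 'tempfs /dev/sdaY /dev/urandom tmp=ext4,cipher=aes-cbc-essiv:sha256' > "$demo/crypttab"
echo '/dev/mapper/tempfs /tmp ext4 defaults 0 0' > "$demo/fstab"
check_tmp_crypt "$demo/crypttab" "$demo/fstab"
```

On a live system, pass /etc/crypttab and /etc/fstab as the two arguments.
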

About Milosz Galazka

Milosz is a system administrator working for a successful Polish company and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu