Ubuntu - How to use persistent encrypted partition

Simple solution using Linux Unified Key Setup.

Create key with random 4096 bytes and store it in /root/hdkey file:

$ sudo dd iflag=fullblock if=/dev/random of=/root/hdkey bs=4096 count=1

Initialize LUKS partition (/dev/sdaZ in this example) and set key:

$ sudo cryptsetup luksFormat /dev/sdaZ -d /root/hdkey -q

Open LUKS partition and map it as homefs (in this example):

$ sudo cryptsetup luksOpen /dev/sdaZ homefs -d /root/hdkey 

Format encrypted homefs and close it:

$ sudo mkfs.ext4 /dev/mapper/homefs 
$ sudo cryptsetup luksClose homefs 

Edit /etc/crypttab configuration file and add similar line:

homefs     /dev/sdaZ /root/hdkey  luks

Edit /etc/fstab file if you want to mount it at boot:

/dev/mapper/homefs /home ext4 defaults 0 2

To check changes without reboot issue command:

root@milosz-live:/mnt# /etc/init.d/cryptdisks restart
 * Stopping remaining crypto disks...                                            
 * cryptswap1 (busy)...                                                          
 * tempfs (busy)...                                                              
 * homefs (stopped)...                                                   [ OK ] 
 * Starting remaining crypto disks...                                            
 * cryptswap1 (running)...                                                       
 * tempfs (running)...                                                           
 * homefs (starting)..
 * homefs (started)...  

Don't forget to secure key.

Update - 18.05.2015

Updated Google code - cryptsetup link to new location at GitLab - cryptsetup.

Milosz Galazka's Picture

About Milosz Galazka

Milosz is a system administrator working for a successful Polish company and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu