Configuring a directory with encryption using LVM
Published: Monday, Feb 18, 2008 Last modified: Monday, Dec 9, 2024
UPDATE: I have suffered some sort of corruption with this approach. As a result I do not recommend the instructions below. I encourage you to look into more solid loopback encryption techniques.
Also please see [[e/01211]].
This fallible approach is also known as encryption over LVM.
I created the logical volume from the volume group ‘x61’.
sudo lvcreate -n crypt -L 12.27GB x61
This will prompt you for a password. Don’t forget it!
sudo cryptsetup create crypt /dev/x61/crypt
x61:~% sudo cryptsetup status crypt
/dev/mapper/crypt is active:
cipher: aes-cbc-plain
keysize: 256 bits
device: /dev/dm-4
offset: 0 sectors
size: 25739264 sectors
mode: read/write
Create the ext3 filesystem:
sudo mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/crypt
Setup the crypttab to tell the system how to unlock the disk
x61:~% cat /etc/crypttab
# <target name> <source device> <key file> <options>
crypt /dev/x61/crypt none checkargs=ext2,noauto
An fstab line to mount it
x61:~% grep crypt /etc/fstab
/dev/mapper/crypt /home/hendry/crypt ext3 defaults,noauto,user 0 0
SO to start using my special encrypted folder, I now have to run:
sudo cryptdisks_start crypt
mount /home/hendry/crypt
So here is what I have my disk & LVM finally setup as:
x61:~% sudo lvscan
ACTIVE '/dev/x61/root' [16.68 GB] inherit
ACTIVE '/dev/x61/swap_1' [2.59 GB] inherit
ACTIVE '/dev/x61/home' [80.00 GB] inherit
ACTIVE '/dev/x61/crypt' [12.27 GB] inherit
x61:~% sudo pvscan
PV /dev/sda5 VG x61 lvm2 [111.55 GB / 4.00 MB free]
Total: 1 [111.55 GB] / in use: 1 [111.55 GB] / in no VG: 0 [0 ]
Furthermore, encrypting a swap partition.