Configuring a directory with encryption using LVM

Published: Monday, Feb 18, 2008 Last modified: Thursday, Jul 29, 2021

UPDATE: I have suffered some sort of corruption with this approach. As a result I do not recommend the instructions below. I encourage you to look into more solid loopback encryption techniques.

Also please see [[e/01211]].

This fallible approach is also known as encryption over LVM.

I created the logical volume from the volume group ‘x61’.

sudo lvcreate -n crypt -L 12.27GB x61

This will prompt you for a password. Don’t forget it!

sudo cryptsetup create crypt /dev/x61/crypt

x61:~% sudo cryptsetup status crypt
/dev/mapper/crypt is active:
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/dm-4
  offset:  0 sectors
  size:    25739264 sectors
  mode:    read/write

Create the ext3 filesystem:

sudo mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/crypt

Setup the crypttab to tell the system how to unlock the disk

x61:~% cat /etc/crypttab

# <target name> <source device>         <key file>      <options>

crypt /dev/x61/crypt none checkargs=ext2,noauto

An fstab line to mount it

x61:~% grep crypt /etc/fstab

/dev/mapper/crypt /home/hendry/crypt ext3    defaults,noauto,user        0       0

SO to start using my special encrypted folder, I now have to run:

sudo cryptdisks_start crypt

mount /home/hendry/crypt

So here is what I have my disk & LVM finally setup as:

x61:~% sudo lvscan
  ACTIVE            '/dev/x61/root' [16.68 GB] inherit
  ACTIVE            '/dev/x61/swap_1' [2.59 GB] inherit
  ACTIVE            '/dev/x61/home' [80.00 GB] inherit
  ACTIVE            '/dev/x61/crypt' [12.27 GB] inherit

x61:~% sudo pvscan
  PV /dev/sda5   VG x61   lvm2 [111.55 GB / 4.00 MB free]
  Total: 1 [111.55 GB] / in use: 1 [111.55 GB] / in no VG: 0 [0   ]

Furthermore, encrypting a swap partition.