Ubuntu – How to use encrypted tmp partition

The answer is to recreate encrypted tmp partition every boot with random key as you do not need to keep temporary data in memory.

Create partition to store temporary data (/dev/sdaY in this example).

Edit /etc/crypttab configuration file and add similar entry so it will use random key and ext4 filesystem:

tempfs     /dev/sdaY /dev/urandom tmp=ext4,cipher=aes-cbc-essiv:sha256

Add an entry to /etc/fstab configuration file so it would be mounted at boot time and not checked by fsck:

/dev/mapper/tempfs /tmp ext4 defaults 0 0

You can check changes (without reboot) by executing commands:

$ sudo /etc/init.d/cryptdisks restart
 * Stopping remaining crypto disks...
 * cryptswap1 (busy)...
 * tempfs (stopped)...                                                   [ OK ]
 * Starting remaining crypto disks...
 * cryptswap1 (running)...
 * tempfs (starting)..
 * tempfs (started)...                                                   [ OK ]
$ sudo mount /tmp