Ubuntu – How to use persistent encrypted partition

Simple solution using Linux Unified Key Setup.

Create key with random 4096 bytes and store it in /root/hdkey file:

$ sudo dd iflag=fullblock if=/dev/random of=/root/hdkey bs=4096 count=1

Initialize LUKS partition (/dev/sdaZ in this example) and set key:

$ sudo cryptsetup luksFormat /dev/sdaZ -d /root/hdkey -q

Open LUKS partition and map it as homefs (in this example):

$ sudo cryptsetup luksOpen /dev/sdaZ homefs -d /root/hdkey

Format encrypted homefs and close it:

$ sudo mkfs.ext4 /dev/mapper/homefs

$ sudo cryptsetup luksClose homefs

Edit /etc/crypttab configuration file and add similar line:

homefs     /dev/sdaZ /root/hdkey  luks

Edit /etc/fstab file if you want to mount it at boot:

/dev/mapper/homefs /home ext4 defaults 0 2

To check changes without reboot issue command:

root@milosz-live:/mnt# /etc/init.d/cryptdisks restart
 * Stopping remaining crypto disks...
 * cryptswap1 (busy)...
 * tempfs (busy)...
 * homefs (stopped)...                                                   [ OK ]
 * Starting remaining crypto disks...
 * cryptswap1 (running)...
 * tempfs (running)...
 * homefs (starting)..
 * homefs (started)...

Don’t forget to secure key.

Update – 18.05.2015

Updated Google code – cryptsetup link to new location at GitLab – cryptsetup.