Here’s how to set up an encrypted disk and swap partition on Fedora 6. Refer to Disk encryption in Fedora: Past, present and future for more information. For RedHat (RHEL 4) or CentOS 4, refer to http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem.
Warning: I have no idea how to set up encrypted disks in combination with LVM. I tend to shy away from LVM because it’s yet another layer of abstraction, making it difficult to recover a broken system. However, the following links may be of help: [1], [2].
In these examples, I’m encrypting the /home partition located on partition /dev/sda5, and the swap partition located on /dev/sda3. The partitions will be different on your system.
Create and Format Encrypted Disk
Before you start, you may want to obliterate the partition that will hold the encrypted file system:
$ shred /dev/sda5
Set up the crypt disk:
$ cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda5
# You must type "YES" to proceed
# It will prompt you for a passphrase twice
$ cryptsetup luksOpen /dev/sda5 home
$ mkfs.ext3 -L /home /dev/mapper/home
$ cryptsetup luksClose home
Create /etc/crypttab
Create the /etc/crypttab file. It should be formatted as follows:
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
home /dev/sda5 none luks
Edit /etc/fstab
/dev/mapper/home /home ext3 defaults 2 1
/dev/mapper/swap swap swap defaults 0 0
Whenever you boot the system, it will prompt you for your passphrase for the /home partition.
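The following shell function is an added example, not part of the original article: it cross-checks the crypttab and fstab files described above before you reboot, catching a missing mapping, a swap option pointed at a data partition, or a random key on a non-swap mapping. The names check_crypt_config, warn and demo are made up for this example, and the files written by demo are constructed from the entries on this page.

```shell
#!/bin/sh
# Added example, not from the original article. Prints one line per problem;
# the return status of check_crypt_config is the number of problems found.
warn() { echo "$*"; problems=$((problems + 1)); }

check_crypt_config() {
    crypttab=$1; fstab=$2; problems=0
    # Every /dev/mapper/NAME that fstab mounts needs a crypttab entry NAME.
    for dev in $(awk '$1 ~ /^\/dev\/mapper\// { print $1 }' "$fstab"); do
        name=${dev#/dev/mapper/}
        awk -v n="$name" '$1 == n { ok = 1 } END { exit !ok }' "$crypttab" ||
            warn "fstab mounts $dev but crypttab defines no '$name'"
    done
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        # Filesystem type fstab assigns to this mapping (empty if not listed).
        fstype=$(awk -v d="/dev/mapper/$name" '$1 == d { print $3 }' "$fstab")
        random_key=no
        case $key in /dev/urandom|/dev/random) random_key=yes ;; esac
        case ",$opts," in
            *,swap,*)
                # The swap option formats the mapping with mkswap at every boot.
                if [ -n "$fstype" ] && [ "$fstype" != swap ]; then
                    warn "$name: 'swap' option would run mkswap over the $fstype filesystem at every boot"
                fi
                [ "$random_key" = yes ] || warn "$name: swap is not keyed from a random device" ;;
            *)
                # A fresh random key per boot makes stored data unreadable.
                [ "$random_key" = no ] || warn "$name: random key on a non-swap mapping loses data each boot" ;;
        esac
    done < "$crypttab"
    return "$problems"
}

# Constructed sample: this page's crypttab and fstab, written to a temp dir.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256' \
        'home /dev/sda5 none luks' > "$d/crypttab"
    printf '%s\n' '/dev/mapper/home /home ext3 defaults 2 1' \
        '/dev/mapper/swap swap swap defaults 0 0' > "$d/fstab"
    check_crypt_config "$d/crypttab" "$d/fstab"; rc=$?
    rm -rf "$d"; return "$rc"
}
```

On a real system, call it as check_crypt_config /etc/crypttab /etc/fstab after sourcing the file; a return status of 0 means none of the three problems were found.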