Encrypting the home partition in DragonFlyBSD

Pierre Abbat phma at bezitopo.org
Mon Jul 8 11:28:33 PDT 2013


On Monday, July 08, 2013 09:21:34 Siju George wrote:
> Hi,
> 
> Could some one please tell me if it is possible to encrypt /home partition
> and how to do it?

I have two DragonFly boxes, both with a /crypt partition. To set it up:
1. Make a partition.
2. Use cryptsetup to set up encryption on the partition:
# cryptsetup luksFormat /dev/serno/BLAH.s1d
3. Add a line to /etc/crypttab:
crypt /dev/serno/BLAH.s1d none tries=3,timeout=200
Without the timeout, the computer will wait until you type the password. If it 
boots unattended and you need it to come up without you, put a timeout.
4. Open the encrypted partition:
# /etc/rc.d/cryptdisks start
The plaintext device will appear in /dev/mapper/.
5. Create a filesystem on the plaintext device. If it's Hammer, you can add 
VFSes to it, and they will likewise be encrypted on disk.

You have to load dm_target_crypt before opening the partition. If you put 
"dm_target_crypt_load" in /boot/loader.conf and the box crashes on booting, 
you have bug 2557, in which case you can't encrypt the root partition. See 
http://bugs.dragonflybsd.org/issues/2557 .

If you want both swap and /home encrypted together, you have to use LVM. I've 
done this in Linux, but haven't used LVM in DFly because it has Hammer and I 
haven't needed to encrypt swap.

Pierre
-- 
sei do'anai mi'a djuno puze'e noroi nalselganse srera




More information about the Users mailing list