Encrypting the home partition in DragonFlyBSD
phma at bezitopo.org
Mon Jul 8 11:28:33 PDT 2013
On Monday, July 08, 2013 09:21:34 Siju George wrote:
> Could some one please tell me if it is possible to encrypt /home partition
> and how to do it?
I have two DragonFly boxes, both with a /crypt partition. To set it up:
1. Make a partition.
2. Use cryptsetup to set up encryption on the partition:
# cryptsetup luksFormat /dev/serno/BLAH.s1d
3. Add a line to /etc/crypttab:
crypt /dev/serno/BLAH.s1d none tries=3,timeout=200
Without the timeout, the computer will wait until you type the password. If it
boots unattended and you need it to come up without you, put a timeout.
4. Open the encrypted partition:
# /etc/rc.d/cryptdisks start
The plaintext device will appear in /dev/mapper/.
5. Create a filesystem on the plaintext device. If it's Hammer, you can add
VFSes to it, and they will likewise be encrypted on disk.
You have to load dm_target_crypt before opening the partition. If you put
"dm_target_crypt_load" in /boot/loader.conf and the box crashes on booting,
you have bug 2557, in which case you can't encrypt the root partition. See
If you want both swap and /home encrypted together, you have to use LVM. I've
done this in Linux, but haven't used LVM in DFly because it has Hammer and I
haven't needed to encrypt swap.
sei do'anai mi'a djuno puze'e noroi nalselganse srera
More information about the Users