Help. How to encrypt home partition after install?

I have two partitions, separate and not LVM:
1 btrfs for boot
2 xfs for home
I log in as root (startx) and unmount the home partition, then go to Yast > Partitioner > select home partition > Edit > checked "do not format partition" and checked "encrypt device" > Next > enter root password > but it shows an error:

Could not set encryption
system error code is -3016
The encryption password provided could be incorrect.

Why couldn’t I encrypt the home partition while the home partition is unmounted?
How to encrypt home partitions? And how do I introduce a system?
I do backup in home
#sorry for my bad English

You need to back up “/home”. Okay, it looks as if you have done that.

In Yast Partitioner:

  1. select option to format partition;
  2. select option to encrypt partition.

This time, when it asks for the key, that’s a new key for the encryption.

Your mistake was to not set the partition to be formatted. So Yast assumed that it was already encrypted, but the key that you gave did not decrypt it.

After you are done, you will have to restore from your backup.
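The reason given above (no format means the partitioner expects an existing encrypted volume) can be checked from the first bytes of the partition. This is an added example, not part of the original post; it assumes that "encrypt device" means LUKS, and the image files are constructed stand-ins for the home partition:

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: "encrypt device" means LUKS.
# A LUKS header starts with the 6 bytes "LUKS" 0xBA 0xBE; an XFS superblock with "XFSB".

sig_of() {                      # $1 = block device or image file
    magic=$(head -c 6 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        4c554b53babe) echo luks ;;
        58465342*)    echo xfs ;;
        *)            echo other ;;
    esac
}

already_encrypted() {           # true only when a LUKS header is already on the device
    [ "$(sig_of "$1")" = luks ]
}

make_samples() {                # constructed stand-ins for the home partition
    printf 'XFSB\000\000\020\000' > "$1/home-xfs.img"
    printf 'LUKS\272\276\000\001' > "$1/home-luks.img"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for img in "$tmp"/home-*.img; do
    if already_encrypted "$img"; then
        echo "${img##*/}: LUKS header found, the prompt expects the existing key"
    else
        echo "${img##*/}: $(sig_of "$img") data, no LUKS header: format + encrypt, then restore the backup"
    fi
done
rm -rf "$tmp"
```

On a real system the same check needs root and the actual partition path in place of the image file.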

Thanks, I did, but at each boot I must enter the home password, and only then is the login screen shown. I don’t want to enter the home password and then the user password at each boot. How to mount the home partition without being asked for the home password?

This is confusing. Or I am confused. Or something.

If you use an encrypted “/home”, then you will need to enter the encryption key on each boot. You may also need to enter your user password for each login.

If I am understanding you, then that’s what you don’t want.

One option for this is to set up auto-login. So you give the encryption key on boot, but you don’t have to give the login password as you are automatically logged in. Personally, I don’t like “autologin”, but I mention it as an option.

Another option would be to encrypt just the home directory, and to use your login password as the encryption key. Then the home directory is supposed to be automatically unlocked on login. I have used this on my work computer, with “ecryptfs” for encrypting the home directory. It worked pretty well. It allows the computer to boot without an encryption key. If you do that, it is recommended that you also encrypt swap. So I used encrypted swap on that work computer, with a random encryption key. The one disadvantage is that you cannot hibernate – or, more accurately, you cannot restore from hibernation. I never hibernate, so that wasn’t an issue for me.

I’ll wait for your reply, since I’m now not sure what you are really wanting to do.

Thank you. I forgot to say: openSUSE has a big bug with encrypted home. After entering the home password, when I enter the login password it does not log in and the screen freezes. I logged in as root and disabled the user password, but again it does not log in. My English is bad; if you can, please report this bug.


There are two problems that I am aware of.

(1) With an encrypted home directory, the way that Yast sets it up, there seems to be a problem with loading the “loop” module. Doing “modprobe loop” before the login should fix that. Maybe the bug has been fixed (not sure). In any case, you can add a file to “/etc/modules-load.d” that forces loading of the loop module.

This is not an issue with “ecryptfs” for encrypting the home directory. However, there may be a need to use “modprobe ecryptfs” before setting up a user for “ecryptfs”. But, once set up, it just works (you do need to install “ecryptfs”).

(2) With an encrypted home partition, apparently some users are not being prompted for the encryption key during boot, or the prompting is too short and if you miss it, the system goes into emergency mode. As far as I know, this only happens on Tumbleweed and should not be a problem with 42.1.

In any case, my personal practice and my advice would be:

If you don’t mind entering an encryption key during boot, then use an encrypted LVM.
If you want to be able to boot unattended (no encryption key prompt), then use an ecryptfs encrypted home directory and randomly encrypted swap – and plan to never hibernate.

I wish I knew what that means. But I am left guessing.

Maybe you can post the output from:

grep "/home" /etc/fstab
grep "$USER" /etc/passwd

In the second of those commands, replace “$USER” with the userid that you use for login (possibly your first name or your last name all in lower case).

How to encrypt the home directory with “ecryptfs”?

openSUSE with encrypted home does not mount properly, or does not log in, or does not work.

I am very sorry. I judged too soon. This was my mistake; I tried again and now encrypted home works.

  1. Install ecryptfs-utils
  2. grep ecryptfs /etc/pam.d/*
  3. If no lines are found by that grep, then (as root)
# pam-config -a --ecryptfs

(there’s an open bug report on this problem).

  4. Make sure that the user is not logged in.
  5. As root:
# modprobe ecryptfs

(it’s a bug that this is needed, but it is only needed once).

  6. As root:
# ecryptfs-migrate-home -u userid

(where “userid” is the login name of the user).

That’s it. After that, it should work. The command “ecryptfs-migrate-home” is just a script in “/usr/bin” (after installing ecryptfs-utils). You can read it. It does suggest that you have a backup before you do this, just in case something goes wrong. It also recommends that you encrypt swap, with “ecryptfs-setup-swap”. It will be randomly encrypted swap, and it will break hibernation.
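The checks in the steps above can be collected into a pre-flight script that lists what is still pending before running "ecryptfs-migrate-home". This is an added example, not part of the original post and not code from ecryptfs-utils; the function names, the user "alice" and the sample files are constructed, and the default paths are an assumption about a standard Linux layout:

```sh
#!/bin/sh
# Added example (not from the thread): which steps remain before ecryptfs-migrate-home?
# Paths are parameters so the checks can run on constructed samples instead of the live system.

pam_has_ecryptfs() {            # step 2: grep ecryptfs /etc/pam.d/*
    grep -qs ecryptfs "${1:-/etc/pam.d}"/*
}

module_loaded() {               # /proc/modules has one module per line, name first
    grep -qs "^$1 " "${2:-/proc/modules}"
}

user_logged_in() {              # $2 = output of `who`; first column is the login name
    printf '%s\n' "${2-$(who)}" | awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

pending_steps() {               # $1 user, $2 PAM dir, $3 modules file, $4 `who` output
    pam_has_ecryptfs "$2" || echo "pam-config -a --ecryptfs"
    module_loaded ecryptfs "$3" || echo "modprobe ecryptfs"
    if user_logged_in "$1" "$4"; then echo "log out $1"; fi
    return 0
}

make_sample() {                 # constructed system state: no PAM entry, module not loaded
    mkdir "$1/pam.d"
    printf 'auth required pam_unix.so\n' > "$1/pam.d/common-auth"
    printf 'loop 28672 0 - Live 0x0000000000000000\n' > "$1/modules"
}

tmp=$(mktemp -d)
make_sample "$tmp"
todo=$(pending_steps alice "$tmp/pam.d" "$tmp/modules" "alice tty1 2016-03-01 10:00")
if [ -n "$todo" ]; then
    printf 'still to do:\n%s\n' "$todo"
else
    echo "ready: ecryptfs-migrate-home -u alice"
fi
rm -rf "$tmp"
```

On the real system, call it as `pending_steps userid /etc/pam.d /proc/modules "$(who)"`.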

First, thanks to nrickert. The problem was permissions. After changing the permissions of the home directory, user login works.