How to encrypt /home partition, /tmp and /var/tmp and /swap?

HI,

I just installed TW and want to encrypt /home, /swap, /tmp and /var/tmp.
Doc.opensuse lists and entry on how this can be done:
https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.cryptofs.html#sec.security.cryptofs.y2.vdisk

At least how to do home is described here: https://doc.opensuse.org/documentation/leap/startup/html/book.opensuse.startup/cha.y2.userman.html (EDIT: “Use Encrypted Home Directory” does not show up in my TW Yast)
But what about the other directories and /swap?

Can anyone help?

Thanks.

Do you actually need partitions? I think partitions are a waste of space but many people still start with partitioning even if there are hardly any reasons to do so.

If you do not need partitions or if you can abstract them into logical volumes, then you can simply create an enrypted lvm which holds logical volumes for root, home and swap. Done. I would even drop the home lv. Looks somwhat like this

├─sda6 8:6 0 401M 0 part /boot
└─sda7 8:7 0 353,7G 0 part
└─cr_ata-ABC-part7 254:0 0 353,7G 0 crypt
├─system-root 254:1 0 345,7G 0 lvm /
└─system-swap 254:2 0 8G 0 lvm [SWAP]

I think I did this with the installer.

I see some confusion here.

  • I assume you you want to encrypt swap, not a directory (file system?) /swap.
  • An Encrypted Home Directory is something different from an encrypted /home directory (file system?).

So if you know both and just told it a bit sloppy, then it is OK. But when you are not knowing these things, you better first try to understand them else discussions will be confusing for all.

That makes more sense?