How to encrypt /home partition, /tmp and /var/tmp and /swap?

SF6 · January 18, 2018, 7:50am

HI,

I just installed TW and want to encrypt /home, /swap, /tmp and /var/tmp.
Doc.opensuse lists and entry on how this can be done:
https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.cryptofs.html#sec.security.cryptofs.y2.vdisk

At least how to do home is described here: https://doc.opensuse.org/documentation/leap/startup/html/book.opensuse.startup/cha.y2.userman.html (EDIT: “Use Encrypted Home Directory” does not show up in my TW Yast)
But what about the other directories and /swap?

Can anyone help?

Thanks.

markdd · January 18, 2018, 10:02am

Do you actually need partitions? I think partitions are a waste of space but many people still start with partitioning even if there are hardly any reasons to do so.

If you do not need partitions or if you can abstract them into logical volumes, then you can simply create an enrypted lvm which holds logical volumes for root, home and swap. Done. I would even drop the home lv. Looks somwhat like this

├─sda6 8:6 0 401M 0 part /boot
└─sda7 8:7 0 353,7G 0 part
└─cr_ata-ABC-part7 254:0 0 353,7G 0 crypt
├─system-root 254:1 0 345,7G 0 lvm /
└─system-swap 254:2 0 8G 0 lvm [SWAP]

I think I did this with the installer.

hcvv · January 18, 2018, 10:11am

I see some confusion here.

I assume you you want to encrypt swap, not a directory (file system?) /swap.
An Encrypted Home Directory is something different from an encrypted /home directory (file system?).

So if you know both and just told it a bit sloppy, then it is OK. But when you are not knowing these things, you better first try to understand them else discussions will be confusing for all.

SF6 · January 21, 2018, 10:40am

That makes more sense?