Installing Debian 8 (Jessie) with LUKS Encrypted /home and /var Partitions

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

19 Responses

  1. Ivan says:

    hi guys

    i want to know how to make passpshrase to automaticaly boot from usb.

  2. Graham says:

    Yeah, I’m not convinced automatic decryption works in Debian. If you issue ‘update-initramfs -u -k all’ you get the error, ‘cryptsetup: WARNING: target sdaX_crypt uses a key file, skipped.’ which will hang the system at boot.

    They’re dicking around with systemd and can’t get it sorted out so it isn’t clear if you can use a keyscript in Jessie/Stable.

  3. Jim Braxton says:

    >All sensitive data stored in /home and /var partitions will be highly secured in case someone gains physical access to your machine hard-drive.

    I’m sorry, how exactly is it gonna be secured from anyone when we’ve just configured these partitions to be mounted automatically without asking the passphrase so anyone will be able to login on our machine and read all the data from these partitions?

    • Matei Cezar says:

      That’s just a simple trick used to decrypt the partitions. I wouldn’t suggest that you should host the key on any of internal hard-disks but you can use an external drive to keep the key secure and plug the drive.

  4. Matei Cezar says:

    If you can boot-up and login to the console check if the / partition is present on fstab (i’m guessing the root partition is not encrypted). Then update the initramfs image with the command ‘update-initramfs -u’

  5. z3d0 says:

    Hi, after “update-initramfs -u -k all” the system won’t boot anymore with the error “Unable to find LVM volume hostname-vg/root”. Without that command the passphrase as still asked at boot. Do I need to add anything to /etc/fstab?
    Any other suggestion?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.