<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Trent's blog of mostly technical documentations."> <link rel="canonical" href="https://blog.trentsonlinedocs.xyz/posts/lmde3-xfs-full-disk-encryption/"> <link rel="icon" href="../../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6"> <title>LMDE3 xfs Full Disk Encryption - Trent's Blog</title> <link rel="stylesheet" href="../../assets/stylesheets/main.802231af.min.css"> <link rel="stylesheet" href="../../assets/stylesheets/palette.3f5d1f46.min.css"> <meta name="theme-color" content="#ffffff"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"> <style>:root{--md-text-font-family:"Roboto";--md-code-font-family:"Roboto Mono"}</style> <link rel="stylesheet" href="../../extra.css"> <meta property="og:type" content="website" /> <meta property="og:title" content="Trent's Blog - LMDE3 xfs Full Disk Encryption" /> <meta property="og:description" content="Trent's blog of mostly technical documentations." /> <meta property="og:url" content="https://blog.trentsonlinedocs.xyz/posts/lmde3-xfs-full-disk-encryption/" /> <meta property="og:image" content="https://blog.trentsonlinedocs.xyz/photos/trent.png" /> <meta property="og:image:type" content="image/png" /> <meta property="og:image:width" content="1120" /> <meta property="og:image:height" content="1120" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@BoringTrent" /> <meta name="twitter:creator" content="@BoringTrent" /> <meta name="twitter:title" content="Trent's Blog - LMDE3 xfs Full Disk Encryption" /> <meta name="twitter:description" content="Trent's blog of mostly technical documentations." /> <meta name="twitter:image" content="https://blog.trentsonlinedocs.xyz/photos/trent.png" /> <link href="https://blog.trentsonlinedocs.xyz/feed_rss_created.xml" type="application/rss+xml" rel="alternate" title="Trent's Blog - RSS Feed Created"/> <link href="https://blog.trentsonlinedocs.xyz/feed_rss_updated.xml" type="application/rss+xml" rel="alternate" title="Trent's Blog - RSS Feed Updated"/> </head> <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="white" data-md-color-accent=""> <script>function __prefix(e){return new URL("../..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#introduction" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div> <header class="md-header" data-md-component="header"> <nav class="md-header__inner md-grid" aria-label="Header"> <a href="../.." title="Trent's Blog" class="md-header__button md-logo" aria-label="Trent's Blog" data-md-component="logo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> <label class="md-header__button md-icon" for="__drawer"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class="md-header__title" data-md-component="header-title"> <div class="md-header__ellipsis"> <div class="md-header__topic"> <span class="md-ellipsis"> Trent's Blog </span> </div> <div class="md-header__topic" data-md-component="header-topic"> <span class="md-ellipsis"> LMDE3 xfs Full Disk Encryption </span> </div> </div> </div> <label class="md-header__button md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class="md-search" data-md-component="search" role="dialog"> <label class="md-search__overlay" for="__search"></label> <div class="md-search__inner" role="search"> <form class="md-search__form" name="search"> <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required> <label class="md-search__icon md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </label> <nav class="md-search__options" aria-label="Search"> <button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg> </button> </nav> </form> <div class="md-search__output"> <div class="md-search__scrollwrap" data-md-scrollfix> <div class="md-search-result" data-md-component="search-result"> <div class="md-search-result__meta"> Initializing search </div> <ol class="md-search-result__list"></ol> </div> </div> </div> </div> </div> </nav> </header> <div class="md-container" data-md-component="container"> <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs"> <div class="md-tabs__inner md-grid"> <ul class="md-tabs__list"> <li class="md-tabs__item"> <a href="../.." class="md-tabs__link"> Home </a> </li> <li class="md-tabs__item"> <a href="../../rss/" class="md-tabs__link"> RSS </a> </li> <li class="md-tabs__item"> <a href="../../links/" class="md-tabs__link"> Links </a> </li> <li class="md-tabs__item"> <a href="../debian-11-nspawn-flutter-integration-test-server/" class="md-tabs__link md-tabs__link--active"> Posts </a> </li> <li class="md-tabs__item"> <a href="https://git.boringonian.com/trent/trents_blog" class="md-tabs__link"> Source </a> </li> <li class="md-tabs__item"> <a href="https://trentpalmer.org" class="md-tabs__link"> TrentReads </a> </li> <li class="md-tabs__item"> <a href="https://blog.trentpalmer.org" class="md-tabs__link"> AttentionSpanHistory </a> </li> <li class="md-tabs__item"> <a href="https://github.com/TrentSPalmer" class="md-tabs__link"> GitHub </a> </li> <li class="md-tabs__item"> <a href="https://twitter.com/boringtrent" class="md-tabs__link"> Twitter </a> </li> <li class="md-tabs__item"> <a href="https://www.facebook.com/trentspalmer" class="md-tabs__link"> Facebook </a> </li> <li class="md-tabs__item"> <a href="https://docs.trentsonlinedocs.xyz/" class="md-tabs__link"> TrentDocs </a> </li> <li class="md-tabs__item"> <a href="https://trentsonlinedocs.xyz/hugo-themes-report/hugo-themes-report.html" class="md-tabs__link"> HugoThemesReport </a> </li> <li class="md-tabs__item"> <a href="https://play.google.com/store/apps/details?id=org.trentpalmer.libre_gps_parser" class="md-tabs__link"> LibreGpsParser </a> </li> </ul> </div> </nav> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href="../.." title="Trent's Blog" class="md-nav__button md-logo" aria-label="Trent's Blog" data-md-component="logo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> Trent's Blog </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_1" type="checkbox" id="__nav_1" > <label class="md-nav__link" for="__nav_1"> Home <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="Home" data-md-level="1"> <label class="md-nav__title" for="__nav_1"> <span class="md-nav__icon md-icon"></span> Home </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../.." class="md-nav__link"> Home </a> </li> <li class="md-nav__item"> <a href="../debian-11-nspawn-flutter-integration-test-server/" class="md-nav__link"> Flutter Integration Test Server in Debian 11 Nspawn Container </a> </li> <li class="md-nav__item"> <a href="../debian-11-ttrss/" class="md-nav__link"> Debian 11 TT-RSS </a> </li> <li class="md-nav__item"> <a href="../trents-favorite-podcasts/" class="md-nav__link"> Trent's Favorite Podcasts </a> </li> <li class="md-nav__item"> <a href="../test-qr-svg-django/" class="md-nav__link"> Test QR SVG Django </a> </li> <li class="md-nav__item"> <a href="../prosody-photo-uploads/" class="md-nav__link"> Prosody Photo Uploads </a> </li> <li class="md-nav__item"> <a href="../xmpp-apt-notifications/" class="md-nav__link"> XMPP Apt Notification </a> </li> <li class="md-nav__item"> <a href="../apache-virtual-hosts/" class="md-nav__link"> Apache Virtual Hosts </a> </li> <li class="md-nav__item"> <a href="../sendxmpp-handler-for-python-logging/" class="md-nav__link"> SENDXMPP Handler for Python Logging </a> </li> <li class="md-nav__item"> <a href="../instructions-for-tethering-from-phone/" class="md-nav__link"> Instruction For Tethering From Phone </a> </li> <li class="md-nav__item"> <a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link"> LMDE4 Custom Partitions for Disk Encryption </a> </li> <li class="md-nav__item"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> Linux Move Cursor With Keyboard </a> </li> <li class="md-nav__item"> <a href="../simplified-raspberry-streaming/" class="md-nav__link"> Simplified Raspberry Streaming </a> </li> <li class="md-nav__item"> <a href="../clear-linux-encrypted-xfs-root/" class="md-nav__link"> Clear Linux Encrypted XFS Root </a> </li> <li class="md-nav__item"> <a href="../clear-linux-guest-virt-manager/" class="md-nav__link"> Clear Linux Guest Virt Manager </a> </li> <li class="md-nav__item"> <a href="../faster-partitioning-with-sgdisk/" class="md-nav__link"> Faster Partitioning with Sgdisk </a> </li> <li class="md-nav__item"> <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> LMDE3 XFS Full Disk Encryption <span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> LMDE3 XFS Full Disk Encryption </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#introduction" class="md-nav__link"> Introduction </a> </li> <li class="md-nav__item"> <a href="#prepare-the-installation-media" class="md-nav__link"> Prepare The Installation Media </a> </li> <li class="md-nav__item"> <a href="#boot-the-install-disc" class="md-nav__link"> Boot The Install Disc </a> </li> <li class="md-nav__item"> <a href="#partition-the-hard-drive" class="md-nav__link"> Partition The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#mount-the-hard-drive" class="md-nav__link"> Mount The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#run-the-installer-app" class="md-nav__link"> Run The Installer App </a> </li> <li class="md-nav__item"> <a href="#configure-fstab" class="md-nav__link"> Configure Fstab </a> </li> <li class="md-nav__item"> <a href="#configure-crypttab" class="md-nav__link"> Configure Crypttab </a> </li> <li class="md-nav__item"> <a href="#resume-installer-app" class="md-nav__link"> Resume Installer App </a> </li> <li class="md-nav__item"> <a href="#uefi-fix" class="md-nav__link"> UEFI Fix </a> </li> <li class="md-nav__item"> <a href="#optional-swap-file" class="md-nav__link"> Optional Swap File </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../rewrite-hugo-themes-report-in-python/" class="md-nav__link"> Rewrite Hugo Themes Report In Python </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" > <label class="md-nav__link" for="__nav_2"> RSS <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="RSS" data-md-level="1"> <label class="md-nav__title" for="__nav_2"> <span class="md-nav__icon md-icon"></span> RSS </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../rss/" class="md-nav__link"> RSS </a> </li> <li class="md-nav__item"> <a href="/feed_rss_created.xml" class="md-nav__link"> RssCreated </a> </li> <li class="md-nav__item"> <a href="/feed_rss_updated.xml" class="md-nav__link"> RssUpdated </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" > <label class="md-nav__link" for="__nav_3"> Links <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="Links" data-md-level="1"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> Links </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../links/" class="md-nav__link"> Links </a> </li> <li class="md-nav__item"> <a href="https://git.boringonian.com/trent/trents_blog" class="md-nav__link"> Source </a> </li> <li class="md-nav__item"> <a href="https://trentpalmer.org" class="md-nav__link"> TrentReads </a> </li> <li class="md-nav__item"> <a href="https://blog.trentpalmer.org" class="md-nav__link"> AttentionSpanHistory </a> </li> <li class="md-nav__item"> <a href="https://github.com/TrentSPalmer" class="md-nav__link"> GitHub </a> </li> <li class="md-nav__item"> <a href="https://twitter.com/boringtrent" class="md-nav__link"> Twitter </a> </li> <li class="md-nav__item"> <a href="https://www.facebook.com/trentspalmer" class="md-nav__link"> Facebook </a> </li> <li class="md-nav__item"> <a href="https://docs.trentsonlinedocs.xyz/" class="md-nav__link"> TrentDocs </a> </li> <li class="md-nav__item"> <a href="https://trentsonlinedocs.xyz/hugo-themes-report/hugo-themes-report.html" class="md-nav__link"> HugoThemesReport </a> </li> <li class="md-nav__item"> <a href="https://play.google.com/store/apps/details?id=org.trentpalmer.libre_gps_parser" class="md-nav__link"> LibreGpsParser </a> </li> <li class="md-nav__item"> <a href="https://concise-pdx.com/" class="md-nav__link"> ConcisePDX </a> </li> <li class="md-nav__item"> <a href="https://trentspalmer.github.io/fcc-challenges/" class="md-nav__link"> FreeCodeCampChallenges </a> </li> <li class="md-nav__item"> <a href="https://trentpalmer.work/6a57bbe24d8244289610bf57533d6c6f/" class="md-nav__link"> DeviceLayout </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" checked> <label class="md-nav__link" for="__nav_4"> Posts <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="Posts" data-md-level="1"> <label class="md-nav__title" for="__nav_4"> <span class="md-nav__icon md-icon"></span> Posts </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../debian-11-nspawn-flutter-integration-test-server/" class="md-nav__link"> Flutter Integration Test Server in Debian 11 Nspawn Container </a> </li> <li class="md-nav__item"> <a href="../debian-11-ttrss/" class="md-nav__link"> Debian 11 TT-RSS </a> </li> <li class="md-nav__item"> <a href="../trents-favorite-podcasts/" class="md-nav__link"> Trent's Favorite Podcasts </a> </li> <li class="md-nav__item"> <a href="../test-qr-svg-django/" class="md-nav__link"> Test QR SVG Django </a> </li> <li class="md-nav__item"> <a href="../prosody-photo-uploads/" class="md-nav__link"> Prosody Photo Uploads </a> </li> <li class="md-nav__item"> <a href="../xmpp-apt-notifications/" class="md-nav__link"> XMPP Apt Notification </a> </li> <li class="md-nav__item"> <a href="../apache-virtual-hosts/" class="md-nav__link"> Apache Virtual Hosts </a> </li> <li class="md-nav__item"> <a href="../sendxmpp-handler-for-python-logging/" class="md-nav__link"> SENDXMPP Handler for Python Logging </a> </li> <li class="md-nav__item"> <a href="../instructions-for-tethering-from-phone/" class="md-nav__link"> Instruction For Tethering From Phone </a> </li> <li class="md-nav__item"> <a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link"> LMDE4 Custom Partitions for Disk Encryption </a> </li> <li class="md-nav__item"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> Linux Move Cursor With Keyboard </a> </li> <li class="md-nav__item"> <a href="../simplified-raspberry-streaming/" class="md-nav__link"> Simplified Raspberry Streaming </a> </li> <li class="md-nav__item"> <a href="../clear-linux-encrypted-xfs-root/" class="md-nav__link"> Clear Linux Encrypted XFS Root </a> </li> <li class="md-nav__item"> <a href="../clear-linux-guest-virt-manager/" class="md-nav__link"> Clear Linux Guest Virt Manager </a> </li> <li class="md-nav__item"> <a href="../faster-partitioning-with-sgdisk/" class="md-nav__link"> Faster Partitioning with Sgdisk </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> LMDE3 XFS Full Disk Encryption <span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> LMDE3 XFS Full Disk Encryption </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#introduction" class="md-nav__link"> Introduction </a> </li> <li class="md-nav__item"> <a href="#prepare-the-installation-media" class="md-nav__link"> Prepare The Installation Media </a> </li> <li class="md-nav__item"> <a href="#boot-the-install-disc" class="md-nav__link"> Boot The Install Disc </a> </li> <li class="md-nav__item"> <a href="#partition-the-hard-drive" class="md-nav__link"> Partition The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#mount-the-hard-drive" class="md-nav__link"> Mount The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#run-the-installer-app" class="md-nav__link"> Run The Installer App </a> </li> <li class="md-nav__item"> <a href="#configure-fstab" class="md-nav__link"> Configure Fstab </a> </li> <li class="md-nav__item"> <a href="#configure-crypttab" class="md-nav__link"> Configure Crypttab </a> </li> <li class="md-nav__item"> <a href="#resume-installer-app" class="md-nav__link"> Resume Installer App </a> </li> <li class="md-nav__item"> <a href="#uefi-fix" class="md-nav__link"> UEFI Fix </a> </li> <li class="md-nav__item"> <a href="#optional-swap-file" class="md-nav__link"> Optional Swap File </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../rewrite-hugo-themes-report-in-python/" class="md-nav__link"> Rewrite Hugo Themes Report In Python </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="https://git.boringonian.com/trent/trents_blog" class="md-nav__link"> Source </a> </li> <li class="md-nav__item"> <a href="https://trentpalmer.org" class="md-nav__link"> TrentReads </a> </li> <li class="md-nav__item"> <a href="https://blog.trentpalmer.org" class="md-nav__link"> AttentionSpanHistory </a> </li> <li class="md-nav__item"> <a href="https://github.com/TrentSPalmer" class="md-nav__link"> GitHub </a> </li> <li class="md-nav__item"> <a href="https://twitter.com/boringtrent" class="md-nav__link"> Twitter </a> </li> <li class="md-nav__item"> <a href="https://www.facebook.com/trentspalmer" class="md-nav__link"> Facebook </a> </li> <li class="md-nav__item"> <a href="https://docs.trentsonlinedocs.xyz/" class="md-nav__link"> TrentDocs </a> </li> <li class="md-nav__item"> <a href="https://trentsonlinedocs.xyz/hugo-themes-report/hugo-themes-report.html" class="md-nav__link"> HugoThemesReport </a> </li> <li class="md-nav__item"> <a href="https://play.google.com/store/apps/details?id=org.trentpalmer.libre_gps_parser" class="md-nav__link"> LibreGpsParser </a> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#introduction" class="md-nav__link"> Introduction </a> </li> <li class="md-nav__item"> <a href="#prepare-the-installation-media" class="md-nav__link"> Prepare The Installation Media </a> </li> <li class="md-nav__item"> <a href="#boot-the-install-disc" class="md-nav__link"> Boot The Install Disc </a> </li> <li class="md-nav__item"> <a href="#partition-the-hard-drive" class="md-nav__link"> Partition The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#mount-the-hard-drive" class="md-nav__link"> Mount The Hard Drive </a> </li> <li class="md-nav__item"> <a href="#run-the-installer-app" class="md-nav__link"> Run The Installer App </a> </li> <li class="md-nav__item"> <a href="#configure-fstab" class="md-nav__link"> Configure Fstab </a> </li> <li class="md-nav__item"> <a href="#configure-crypttab" class="md-nav__link"> Configure Crypttab </a> </li> <li class="md-nav__item"> <a href="#resume-installer-app" class="md-nav__link"> Resume Installer App </a> </li> <li class="md-nav__item"> <a href="#uefi-fix" class="md-nav__link"> UEFI Fix </a> </li> <li class="md-nav__item"> <a href="#optional-swap-file" class="md-nav__link"> Optional Swap File </a> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset"> <h1>LMDE3 XFS Full Disk Encryption</h1> <p>date: 2019-01-25T23:25:36-08:00</p> <h2 id="introduction"><strong>Introduction</strong></h2> <p>Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included.</p> <p>Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted <code>/</code> partition formatted xfs.</p> <p>As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the <code>/</code> partition is encrypted anyway.</p> <p>Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot.</p> <p>Assumes uefi-configured boot, with separate partitions for <code>/boot</code> formatted ext4, <code>/boot/efi</code> formatted fat32, and a regular luks-encrypted partition for <code>/</code> formatted xfs.</p> <h2 id="prepare-the-installation-media"><strong>Prepare The Installation Media</strong></h2> <p>Visit the <a href="https://www.linuxmint.com/" target="_blank">Linux Mint Website</a> and <a href="https://www.linuxmint.com/edition.php?id=259" target="_blank">download</a> the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth.</p> <ul> <li>verify the sha256 sum of the iso file <div class="highlight"><pre><span></span><code><span class="go">sha256sum lmde-3-201808-cinnamon-64bit.iso</span> </code></pre></div></li> </ul> <p>Identify the thumb drive you are going to install from.</p> <ul> <li>type <code>lsblk</code>, note the output, and then insert the thumb drive</li> <li>then type <code>lsblk</code> again and note the <em>additional output</em></li> </ul> <div class="highlight"><pre><span></span><code># lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk ├─sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 └─sdb2 8:34 1 416K 0 part </code></pre></div> <p>In the above example output we see that our thumb drive is identified as <code>/dev/sdb</code>, and partition <code>/dev/sdb1</code> is automatically mounted.</p> <p>Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as <code>/dev/sdb</code>, but you need to compensate accordingly.</p> <ul> <li> <p>unmount any partition of the thumb drive that are automatically mounted <div class="highlight"><pre><span></span><code><span class="go">umount /dev/sdb1</span> </code></pre></div></p> </li> <li> <p>write the disk image to the thumb drive <div class="highlight"><pre><span></span><code><span class="go">ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb</span> </code></pre></div></p> </li> </ul> <h2 id="boot-the-install-disc"><strong>Boot The Install Disc</strong></h2> <ul> <li>boot into bios to disable fastboot and secureboot</li> <li>invoke your machine's device boot menu and boot the install disc in uefi mode</li> <li>confirm that you have booted in uefi mode by listing efivars <div class="highlight"><pre><span></span><code><span class="go">ls /sys/firmware/efi/vars</span> </code></pre></div></li> </ul> <h2 id="partition-the-hard-drive"><strong>Partition The Hard Drive</strong></h2> <p>If you recall we are assuming the target hard drive is <code>/dev/sda</code>, as an example. So, make adjustments as necessary.</p> <p>If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate <code>/boot</code> partition.</p> <ol> <li>if needed you can clear the drive with wipefs <div class="highlight"><pre><span></span><code><span class="go">wipefs --all /dev/sda</span> </code></pre></div></li> <li>create a new partition table for <code>/dev/sda</code> <div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda -o</span> </code></pre></div></li> <li>create a new efi partition for <code>/dev/sda</code> <div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00</span> </code></pre></div></li> <li>create a new <code>/boot</code> partition for <code>/dev/sda</code> <div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=2::+1G</span> </code></pre></div></li> <li>create a new <code>/</code> partition for <code>/dev/sda</code> <div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=3</span> </code></pre></div></li> <li>verify your partition work <div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda -p</span> </code></pre></div></li> <li>format the efi partition <div class="highlight"><pre><span></span><code><span class="go">mkfs.vfat -F32 /dev/sda1</span> </code></pre></div></li> <li>format the /boot partition <div class="highlight"><pre><span></span><code><span class="go">mkfs.ext4 /dev/sda2</span> </code></pre></div></li> <li>encrypt the <code>/</code> partition, you will be prompted for a password <div class="highlight"><pre><span></span><code><span class="go">cryptsetup -y -v luksFormat --type luks2 /dev/sda3</span> </code></pre></div></li> <li>decrypt the <code>/</code> partition, you will be prompted for a password <div class="highlight"><pre><span></span><code><span class="go">cryptsetup open /dev/sda3 cryptroot</span> </code></pre></div></li> <li>format the <code>/</code> device <div class="highlight"><pre><span></span><code><span class="go">mkfs.xfs /dev/mapper/cryptroot</span> </code></pre></div></li> </ol> <h2 id="mount-the-hard-drive"><strong>Mount The Hard Drive</strong></h2> <p>This takes advantage of <em>expert mode</em> in the LMDE installer.</p> <ol> <li>create an <code>/target</code> directory <div class="highlight"><pre><span></span><code><span class="go">mkdir /target</span> </code></pre></div></li> <li>mount the <code>/</code> device at <code>/target</code> <div class="highlight"><pre><span></span><code><span class="go">mount /dev/mapper/cryptroot /target</span> </code></pre></div></li> <li>create an <code>/target/boot</code> directory <div class="highlight"><pre><span></span><code><span class="go">mkdir /target/boot</span> </code></pre></div></li> <li>mount the <code>/boot</code> partition at <code>/target/boot</code> <div class="highlight"><pre><span></span><code><span class="go">mount /dev/sda2 /target/boot</span> </code></pre></div></li> <li>create an <code>/target/boot/efi</code> directory <div class="highlight"><pre><span></span><code><span class="go">mkdir /target/boot/efi</span> </code></pre></div></li> <li>mount the efi partition at <code>/target/boot/efi</code> <div class="highlight"><pre><span></span><code><span class="go">mount /dev/sda1 /target/boot/efi</span> </code></pre></div></li> </ol> <h2 id="run-the-installer-app"><strong>Run The Installer App</strong></h2> <p>At this point you're ready to run the live installer. You can click the disc icon on the desktop.</p> <p>The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select <em>expert mode</em> at the bottom of the page.</p> <p>Again select <em>forward</em>, and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. <code>/dev/sda1</code>.</p> <p>Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure <code>fstab</code> and <code>crypttab</code>.</p> <h2 id="configure-fstab"><strong>Configure Fstab</strong></h2> <ol> <li>find the UUID of the efi partition <div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda1 -s UUID</span> </code></pre></div></li> <li>find the UUID of the <code>/boot</code> partition <div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda2 -s UUID</span> </code></pre></div></li> <li>find the UUID of the <code>/</code> device <div class="highlight"><pre><span></span><code><span class="go">blkid /dev/mapper/cryptroot -s UUID</span> </code></pre></div></li> </ol> <p>And when you find the correct UUID numbers, use them to configure <code>/etc/fstab</code> which is actually currently at <code>/target/etc/fstab</code>. <div class="highlight"><pre><span></span><code># /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID="17C4-215D", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID="f2509fff-4854-4721-b546-0274c89e6aec", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # "/" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID="72241377-cd65-43a6-8363-1afce5bd93f6", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 </code></pre></div></p> <h2 id="configure-crypttab"><strong>Configure Crypttab</strong></h2> <p>But before the file systems can be mounted, <code>crypttab</code> needs to mount <code>/dev/sda3</code> at <code>/dev/mapper/cryptroot</code>. Configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code></p> <ul> <li>find the UUID of the partition that will be mounted at <code>/dev/mapper/crypttab</code> <div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda3 -s UUID</span> </code></pre></div></li> </ul> <p>And when you find the correct UUID number for <code>/dev/sda3</code>, use that to configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code>.</p> <div class="highlight"><pre><span></span><code># /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID="da3e0967-711f-4159-85ac-7d5743a75201", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks </code></pre></div> <h2 id="resume-installer-app"><strong>Resume Installer App</strong></h2> <p>At this point finish running the live installer, and you'll be done.</p> <h2 id="uefi-fix"><strong>UEFI Fix</strong></h2> <p>On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist.</p> <ol> <li>remount the efi parition <div class="highlight"><pre><span></span><code><span class="go">mount /dev/sda1 /mnt/ ; cd /mnt/EFI/</span> </code></pre></div></li> <li>create a default efi executable <div class="highlight"><pre><span></span><code><span class="go">mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi</span> </code></pre></div></li> </ol> <h2 id="optional-swap-file"><strong>Optional Swap File</strong></h2> <p>Visit the <a href="https://wiki.archlinux.org/index.php/Swap#Swap_file" target="_blank">Arch Wiki</a> and they will hook you up.</p> </article> </div> </div> </main> <footer class="md-footer"> <nav class="md-footer__inner md-grid" aria-label="Footer"> <a href="../faster-partitioning-with-sgdisk/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Faster Partitioning with Sgdisk" rel="prev"> <div class="md-footer__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class="md-footer__title"> <div class="md-ellipsis"> <span class="md-footer__direction"> Previous </span> Faster Partitioning with Sgdisk </div> </div> </a> <a href="../rewrite-hugo-themes-report-in-python/" class="md-footer__link md-footer__link--next" aria-label="Next: Rewrite Hugo Themes Report In Python" rel="next"> <div class="md-footer__title"> <div class="md-ellipsis"> <span class="md-footer__direction"> Next </span> Rewrite Hugo Themes Report In Python </div> </div> <div class="md-footer__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-footer-copyright"> Made with <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> Material for MkDocs </a> </div> <div class="md-footer-social"> <a href="https://twitter.com/boringtrent" target="_blank" rel="noopener" title="trent on twitter" class="md-footer-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg> </a> <a href="https://www.facebook.com/trentspalmer" target="_blank" rel="noopener" title="trent on facebook" class="md-footer-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"/></svg> </a> <a href="https://github.com/TrentSPalmer" target="_blank" rel="noopener" title="trent on github" class="md-footer-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg> </a> <a href="/rss" target="_blank" rel="noopener" title="rss" class="md-footer-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M400 32H48C21.49 32 0 53.49 0 80v352c0 26.51 21.49 48 48 48h352c26.51 0 48-21.49 48-48V80c0-26.51-21.49-48-48-48zM112 416c-26.51 0-48-21.49-48-48s21.49-48 48-48 48 21.49 48 48-21.49 48-48 48zm157.533 0h-34.335c-6.011 0-11.051-4.636-11.442-10.634-5.214-80.05-69.243-143.92-149.123-149.123-5.997-.39-10.633-5.431-10.633-11.441v-34.335c0-6.535 5.468-11.777 11.994-11.425 110.546 5.974 198.997 94.536 204.964 204.964.352 6.526-4.89 11.994-11.425 11.994zm103.027 0h-34.334c-6.161 0-11.175-4.882-11.427-11.038-5.598-136.535-115.204-246.161-251.76-251.76C68.882 152.949 64 147.935 64 141.774V107.44c0-6.454 5.338-11.664 11.787-11.432 167.83 6.025 302.21 141.191 308.205 308.205.232 6.449-4.978 11.787-11.432 11.787z"/></svg> </a> </div> </div> </div> </footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> <script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.409db549.min.js", "version": null}</script> <script src="../../assets/javascripts/bundle.756773cc.min.js"></script> </body> </html>