Digital Drip

While setting up a couple new hard drives I realized that the information on the internet to use LVM and encryption were either wrong or unnecessarily complex. Here’s the commands I use with a brief explanation:

The disk I will be using in this example is sdd. Replace this with the hard drive you are setting up.

modprobe dm-crypt
modprobe aes-i586

dd if=/dev/zero of=/dev/sdd                       #write zero's to the drive, to wipe out all previous data
lvm pvcreate /dev/sdd1                            #create the physical volume
lvm vgcreate lvm /dev/sdd1                        #create the volume group with the identified 'lvm'
lvm lvcreate -l 100%FREE -n home lvm              #create a logical volume as big as the drive itself called 'home' , which will create the file /dev/lvm/home and /dev/lvm/lvm-home, within volume group 'lvm'

cryptsetup luksFormat -c aes-xts-plain -s 512 /dev/lvm/home         #encrypt our new logical volume 'home' with 512bit aes
cryptsetup luksOpen /dev/lvm/home home                              #open our new encrypted logical volume with the name 'home', this will create the file /dev/mapper/home

mkfs.ext4 /dev/mapper/home                                          #create an ext4 filesystem our encrypted lvm partition

That’s all there is to it. To enable automatic mounting see /etc/crypttab. Note that when booting you will need to activate the lvm partition with the command

lvchange -a y <lvm identifier>