Encrypted LVM Hard Drive with Linux
Posted on: February 01, 2010
While setting up a couple of new hard drives I realized that the information on the internet about using LVM with encryption was either wrong or unnecessarily complex. Here are the commands I use, with a brief explanation:
The disk I will be using in this example is sdd. Replace this with the hard drive you are setting up.
modprobe dm-crypt
modprobe aes-i586
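dd if=/dev/zero of=/dev/sdd #write zeros to the drive to wipe out all previous data (this also erases the partition table)
lvm pvcreate /dev/sdd1 #create the physical volume (the partition sdd1 must exist first; create it, e.g. with fdisk, after the wipe above)
lvm vgcreate lvm /dev/sdd1 #create the volume group with the identifier 'lvm'
lvm lvcreate -l 100%FREE -n home lvm #create a logical volume called 'home', as big as the drive itself, within volume group 'lvm'; this creates /dev/lvm/home and /dev/mapper/lvm-home
cryptsetup luksFormat -c aes-xts-plain -s 512 /dev/lvm/home #encrypt our new logical volume 'home' with AES in XTS mode using a 512-bit key (XTS splits it into two 256-bit AES keys); on volumes larger than 2 TiB use aes-xts-plain64, because the 'plain' IV is only 32 bits wide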
cryptsetup luksOpen /dev/lvm/home home #open our new encrypted logical volume with the name 'home', this will create the file /dev/mapper/home
mkfs.ext4 /dev/mapper/home #create an ext4 filesystem on our encrypted lvm partition
That’s all there is to it. To enable automatic mounting see /etc/crypttab. Note that when booting you will need to activate the lvm partition with the command
lvchange -a y <lvm identifier>
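The activate, unlock and mount sequence after a reboot, as an added example (not part of the original post). The volume group 'lvm', logical volume 'home' and mapping name 'home' come from the commands above; the mount point /home, the DRY_RUN switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reopen and close the encrypted LVM volume set up above.
# MOUNTPOINT is an assumption; VG, LV and MAPPED match the names used in the post.
VG=lvm LV=home MAPPED=home MOUNTPOINT=/home

# run CMD...: execute the command, or only print it when DRY_RUN=1,
# so the sequence can be reviewed before touching any device.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

open_home() {
    # 1. Activate the logical volume so that /dev/$VG/$LV exists.
    run lvchange -a y "$VG/$LV" || return 1
    # 2. Stop if the volume does not carry a LUKS header (wrong device, or wiped).
    run cryptsetup isLuks "/dev/$VG/$LV" || { echo "not a LUKS volume" >&2; return 1; }
    # 3. Unlock it (prompts for the passphrase) unless the mapping is already open.
    if [ "${DRY_RUN:-0}" = 1 ] || [ ! -e "/dev/mapper/$MAPPED" ]; then
        run cryptsetup luksOpen "/dev/$VG/$LV" "$MAPPED" || return 1
    fi
    # 4. Mount the decrypted device.
    run mount "/dev/mapper/$MAPPED" "$MOUNTPOINT"
}

close_home() {
    # Reverse order: unmount, drop the decrypted mapping, deactivate the LV.
    run umount "$MOUNTPOINT" || return 1
    run cryptsetup luksClose "$MAPPED" || return 1
    run lvchange -a n "$VG/$LV"
}

# Boot-time equivalent of open_home (passphrase prompted at boot):
#   /etc/crypttab:  home  /dev/lvm/home  none  luks
#   /etc/fstab:     /dev/mapper/home  /home  ext4  defaults  0  2

case "${1:-}" in
    open)  open_home ;;
    close) close_home ;;
esac
```

Save it as a script and run it as root with the argument open or close; prefix the call with DRY_RUN=1 to print the commands without executing them.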