-
lvcreate -L 500M -n crypto cryptovg
-
Fill your partition with random data:dd if=/dev/urandom of=/dev/cryptovg/crypto
-
initialize your partition:cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
-
open the newly encrypted device:cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
-
check it’s there:ls -l /dev/mapper | grep cryptosec
-
create a filesystem:mkfs.ext4 /dev/mapper/cryptosec
-
mount it:mount /dev/mapper/cryptosec /media/cryptosec
-
check it’s visible:df -h | grepcryptosec
-
add the following to /etc/crypttab:cryptosec/dev/cryptovg/cryptonone
-
edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding/dev/mapper/cryptosec/media/cryptosecext4 defaults 1 2
-
restore default SELinux security contexts:/sbin/restorecon -v -R /media/cryptosec
-
reboot:shutdown -r now
-
The entry in /etc/crypttab makes your computer ask yourluks
passphrase on boot
-
Login as root and restore your backup
create luks lvm partition
