How to create a LUKS LVM Partition

  1. Create a logical volume: lvcreate -L 500M -n crypto cryptovg
  2. Fill the logical volume with random data: dd if=/dev/urandom of=/dev/cryptovg/crypto
  3. Initialize the logical volume: cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
  4. Open the newly encrypted device: cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
  5. Check that it’s there: ls -l /dev/mapper | grep cryptosec
  6. Create a filesystem: mkfs.ext4 /dev/mapper/cryptosec
  7. Mount it: mount /dev/mapper/cryptosec /media/cryptosec
  8. Check that it’s visible: df -h | grep cryptosec
  9. Add the following to /etc/crypttab: cryptosec /dev/cryptovg/crypto none
  10. Edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding /dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2
  11. Restore default SELinux security contexts: /sbin/restorecon -v -R /media/cryptosec
  12. Reboot: shutdown -r now
  13. The entry in /etc/crypttab makes your computer ask your luks passphrase on boot. Enter your password when asked. Login as root and restore your backup.