Hybrid Ubuntu with /home in an hdd encrypted
Yes, you can do what you are describing. I do exactly the same myself: install the OS on an SSD partition unencrypted, and mount an encrypted partition into /home/$USER.
Start by installing the system on your SSD partition as usual, choose your username (I assume username below) and then boot into your new system.
After that there are basically four steps you need to follow:
1. Create an encrypted partition to serve as home
I will not detail this as you will find enough tutorials on this. Let me know if a step-by-step description is desired. Basically you prepare the partition of your choice as a LUKS-encrypted partition using cryptsetup and format it with a file system of your choice.
2. Copy your home folder contents to the new encrypted partition
Mount your new encrypted partition somewhere and copy the contents from the /home/username folder of your newly installed system into it, so after reboot everything is in place.
3. Add the encrypted home partition to /etc/crypttab
You will then need to add that encrypted partition to your /etc/crypttab file on your new system. The line to add looks like this:
cryptHome UUID=64342713-8b12-49a3-9238-390f0d87803f none luks
Note that cryptHome is a freely choosable identifier you will need in the next step. none just tells it not to use a keyfile and ask for the password interactively on boot. luks is the encryption type.
To find the UUID to use here, do lsblk -f and find the partition you encrypted in step 1. The UUID you want is the one with crypto_LUKS as file system.
4. Add the mapped LUKS partition to /etc/fstab
Finally, you need to add the mapped device (after it has been decrypted by cryptsetup) to your fstab to be mounted automatically on /home/username. The line to add looks like this:
/dev/mapper/cryptHome /home/username jfs defaults 0 2
Adapt to the identifier you used in /etc/crypttab, the actual name of your user and the actual file system you used to format your encrypted partition.
Reboot
After reboot, the system will ask you for the passphrase to decrypt the encrypted partition, and then for your user account password as usual. You should be all set with the encrypted partition mounted under /home/username.
Of course this procedure also works with any other encrypted partitions that you want to unlock and mount on boot.
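A pre-reboot check for steps 3 and 4, added here as an example that is not part of the original answer: it confirms that every /dev/mapper name in fstab has a matching crypttab entry and flags entries that unlock from a key file, which on an unencrypted root would be readable without the passphrase. The function name, the cryptData line and the temporary files are constructed for illustration.

```bash
#!/bin/bash
# Added example: cross-check /etc/fstab against /etc/crypttab (steps 3 and 4).
# For every /dev/mapper/NAME line in fstab it prints one of:
#   ok NAME MOUNTPOINT passphrase      crypttab entry found, key field is none
#   warn NAME MOUNTPOINT keyfile=PATH  crypttab entry unlocks from a key file
#   missing NAME MOUNTPOINT            no crypttab entry creates that mapping
# Returns 0 only if every line is "ok".
check_crypt_mounts() {
    local crypttab="${1:-/etc/crypttab}" fstab="${2:-/etc/fstab}"
    local dev mnt rest name key rc=0
    while read -r dev mnt rest; do
        case "$dev" in
            /dev/mapper/*) name="${dev#/dev/mapper/}" ;;
            *) continue ;;   # comments, blank lines, non-mapped devices
        esac
        # Field 1 of crypttab is the mapping name, field 3 the key file.
        if key=$(awk -v n="$name" '
                $1 == n { print ($3 == "" ? "none" : $3); found = 1; exit }
                END { if (!found) exit 1 }' "$crypttab"); then
            case "$key" in
                none|-) echo "ok $name $mnt passphrase" ;;
                *) echo "warn $name $mnt keyfile=$key"; rc=1 ;;
            esac
        else
            echo "missing $name $mnt"; rc=1
        fi
    done < "$fstab"
    return "$rc"
}

# Demo on constructed files: the two lines from the answer, plus one
# constructed fstab line whose mapping name has no crypttab entry.
demo() {
    local d; d=$(mktemp -d)
    echo 'cryptHome UUID=64342713-8b12-49a3-9238-390f0d87803f none luks' > "$d/crypttab"
    { echo '/dev/mapper/cryptHome /home/username jfs defaults 0 2'
      echo '/dev/mapper/cryptData /data ext4 defaults 0 2'; } > "$d/fstab"
    check_crypt_mounts "$d/crypttab" "$d/fstab" || echo "findings above"
    rm -rf "$d"
}
demo
```

Called without arguments, check_crypt_mounts reads the real /etc/crypttab and /etc/fstab.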