Taglinux

How To Encrypt Your Home Folder in Linux

In this post I give a short explanation of how to encrypt your home folder in Linux. Why should you encrypt your home folder? When you use a laptop and you take it with you all the time it’s important to protect it. Unfortunately a good log-in password isn’t enough to stop someone from accessing your data when your laptop gets stolen. Your log-in password can be circumvented with any Linux Live CD. Therefore it’s important to encrypt your data and I will explain how you can do that on your (installed) Linux laptop. This how-to is written for Linux Mint (Debian) but it should also work for other distributions (like Ubuntu). You can use it to encrypt your home folder after installing Linux.

Step 0: Backup your (unencrypted) home folder

Before you start, you should backup the important files in your home folder. You can do this by copying your home folder to an external drive or by using cloud storage. But this shouldn’t be a problem because you should always have backups ūüėČ (if you don’t, read this).

Step 1: Install the ecryptfs-utils package

You can do this using the command:
sudo apt-get install ecryptfs-utils

Step 2: Configure the ecryptfs module to load at startup.

You do this by adding ecryptfs to the /etc/modules file.

Step 3: Restart your system so that the ecryptfs module loads.

Step 4: Log in as root in a terminal

BEFORE you log in with your regular user name in the (graphical) log-in window, go to a non-graphical log-in terminal by pressing CTRL+ALT+F1. There you log in as root.

Step 5: Start the encryption of your home folder

In the terminal where you logged in as root, enter the following command where you replace USERNAME with your own username:
ecryptfs-migrate-home -u USERNAME

The script will ask you to fill in the password of your normal Linux account (of which you want to encrypt the home folder). After that the encryption starts. This can take a while depending on the number of files you have in your home folder. Wait for the encryption to complete.

Step 6: Log in with your username and password

DO THIS BEFORE REBOOTING YOUR SYSTEM! Go back to the graphical log-in window by pressing CTRL+ALT+F7. Log in and verify that your files are still present and that you can read them. If this is not the case, you should restore the backup you made in step 0 or the backup generated by the script that looks like USERNAME.d5JafeTE (in the home directory).

Step 7: Backup your randomly generated mount passphrase

The ecryptfs utility generated a mount passphrase that is necessary to mount your encrypted data. The mounting happens automatically when you log-in but not when approaching the data from another Linux installation (like a live CD). Then you need to give the mount passphrase and that’s why you should save it on some external medium. You can display your current mount passphrase using the command:
sudo ecryptfs-unwrap-passphrase

Step 8: Restart your system and verify your data again.

Just to be sure, restart your computer again and verify that you can read your data after logging in.

Step 9: Remove the backup folder generated by the script

After you made sure that your data is alright, you can remove the backup of your home folder that was generated by the script. This folder is located in /home and looks like USERNAME.d5JafeTE

Step 10: Enjoy your newly encrypted home folder.

I would like to end this post with some remarks:

  • The encryption of your home folder has a noticeable impact on the performance of your system. The impact is minimal and your system stays absolutely usable. Just take it into account when doing this.
  • Make sure you have unencrypted backups of all your data for when your Linux system breaks and you lost your mount passphrase (or the encryption went corrupt). When your data is encrypted, there is no way of retrieving it with a live CD.
  • Dropbox and SpiderOak have no problem with the encryption and your data is readable when you access it from another SpiderOak or Dropbox client (on a different computer). It is possible that they start uploading after the first reboot, but they only upload information about the ‘last-modified’ meta data of the files (and that changed since the files where encrypted). I haven’t tested with other could storage solutions, but I expect that they’ll behave in a similar way.

Happy encrypting!

Stop the blinking wireless LED in Linux

I’ve recently had some problems with the wireless LED of my laptop in Linux. I have a Intel WiFi Link 5100 but this also applies to other Intel WiFi cards.¬† The LED that indicates that my WiFi is enabled or not, was blinking every time the WiFi card transmitted or received data. This seems like some special feature Intel introduced but it is really very annoying! Luckily you can stop the blinking, but this depends on your kernel version so make sure to look into the right section. I’m posting solutions for Linux Mint (Debian), Ubuntu and Arch Linux but I think this will also work for other distros.

Kernel version lower than 3.2.0

Put this text

options iwlagn led_mode=1

in the following file (possibly you have to create the file):

  • Linux Mint (Debian) or Ubuntu: /etc/modprobe.d/iwlagn.conf
  • Arch Linux: /etc/modprobe.d/modprobe.conf

Now restart your system or reload the WiFi driver using:
sudo -i
modprobe -r iwlagn && modprobe iwlagn

If that doesn’t work, you can try putting the following in the same file:

options iwl_legacy led_mode=1

Kernel version greater or equal to 3.2.0

Put this text

options iwlwifi led_mode=1

in the following file (possibly you have to create the file):

  • Linux Mint (Debian) or Ubuntu:¬†/etc/modprobe.d/wlan.conf
  • Arch Linux: /etc/modprobe.d/modprobe.conf

Now restart your system or reload the WiFi driver using:
sudo -i
modprobe -r iwlwifi && modprobe iwlwifi

If that doesn’t work, you can try putting the following in the same file:

options iwlegacy led_mode=1

This fixed stopped the blinking on my laptop and I hope it also works for you!

ATI Mobility Radeon HD 3650 on Linux/Ubuntu

*** This post was imported from my previous blog, last edit on 17/11/2012 ***

Posted by Tom Desair Sep 11, 2009 12:10:54

After cruising the internet for several days I’ve been able to install the proprietary Linux drivers from ATI for my Mobility HD 3650 on my HP EliteBook 8530p.

Here’s a small how-to for the installation:

First follow this guide: http://wiki.cchtml.com/index.php/Ubuntu_Precise_Installation_Guide using the “Installing the drivers manually ” section.

*WARNING*: The last supported driver version for this card is 12-6. Download it using the command:
wget http://www2.ati.com/drivers/legacy/12-6/amd-driver-installer-12.6-legacy-x86.x86_64.zip

*WARNING 2*: Several people told me that there are problems with Ubuntu 12.10 and its version of X.Org server. I don’t have a solution to this yet because I use Ubuntu 12.04 at the moment.

BUT BEFORE YOU RESTART you also have to run the following command:
sudo aticonfig --acpi-services=off

Now you’re good to go and you can restart your system. Normally everything should be working fine. If this is not the case, you can uninstall the ATI driver using:
sudo apt-get remove --purge fglrx*

And then replace the xorg.conf file with the original one (both found in the /etc/X11/ directory)

Installing the proprietary drivers also increases a lot the battery life of the HP 8530p because now you can use ATI’s PowerPlay. Let me know in the comments below if this worked for you or not and if you are still experiencing problems with the driver.

Greetz and good luck,

Tom

© 2017 Tom's Webspace

Theme by Anders NorénUp ↑