- Create a logical volume: lvcreate -L 500M -n crypto cryptovg
- Fill the logical volume with random data: dd if=/dev/urandom of=/dev/cryptovg/crypto
- Initialize the logical volume: cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
- Open the newly encrypted device: cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
- Check that it’s there: ls -l /dev/mapper | grep cryptosec
- Create a filesystem: mkfs.ext4 /dev/mapper/cryptosec
- Mount it: mount /dev/mapper/cryptosec /media/cryptosec
- Check that it’s visible: df -h | grep cryptosec
- Add the following to /etc/crypttab: cryptosec /dev/cryptovg/crypto none
- Edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding /dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2
- Restore default SELinux security contexts: /sbin/restorecon -v -R /media/cryptosec
- Reboot: shutdown -r now
- The entry in /etc/crypttab makes your computer ask your luks passphrase on boot. Enter your password when asked. Login as root and restore your backup.
How to create a LUKS LVM Partition
