Ecrypt Home Folder on Raspberry Pi

Install Step

1. Create a temp user tu, and add it to sudo group

   sudo adduser tu
   sudo gpasswd -M tu sudo

2. Logout and re-login with temp user tu

3. Install necessary package

   sudo apt install ecryptfs-utils lsof
   sudo modprobe ecryptfs  

4. ecrypt home files for origin user, eg. ou

   sudo ecryptfs-migrate-home -u ou

   tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou
   INFO:  Checking disk space, this may take a few moments.  Please be patient.
   INFO:  Checking for open files in /home/ou
   Enter your login passphrase [ou]:
   
   ************************************************************************
   YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
     ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
   THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
   ************************************************************************
   
   
   Done configuring.
   
   chown: cannot access '/dev/shm/.ecryptfs-ou': No such file or directory
   mount: (hint) your fstab has been modified, but systemd still uses
       the old version; use 'systemctl daemon-reload' to reload.
   INFO:  Encrypted home has been set up, encrypting files now...this may take a while.
   sending incremental file list
   ./
   .bash_history
            155 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=6/8)
   .bash_logout
            220 100%  214.84kB/s    0:00:00 (xfr#2, to-chk=5/8)
   .bashrc
          3,523 100%    3.36MB/s    0:00:00 (xfr#3, to-chk=4/8)
   .profile
            807 100%  788.09kB/s    0:00:00 (xfr#4, to-chk=3/8)
   .sudo_as_admin_successful
              0 100%    0.00kB/s    0:00:00 (xfr#5, to-chk=2/8)
   .ssh/
   .ssh/authorized_keys
          1,174 100%    1.12MB/s    0:00:00 (xfr#6, to-chk=0/8)
   Could not unlink the key(s) from your keying. Please use `keyctl unlink` if you wish to remove the key(s). Proceeding with umount.
   
   ========================================================================
   Some Important Notes!
   
    1. The file encryption appears to have completed successfully, however,
    ou MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,
    TO COMPLETE THE MIGRATION!!!
   
    2. If ou can log in and read and write their files, then the migration is complete,
    and you should remove /home/ou.q4MyCen9.
    Otherwise, restore /home/ou.q4MyCen9 back to /home/ou.
   
    3. ou should also run 'ecryptfs-unwrap-passphrase' and record
    their randomly generated mount passphrase as soon as possible.
   
    4. To ensure the integrity of all encrypted data on this system, you
    should also encrypt swap space with 'ecryptfs-setup-swap'.
   ========================================================================

Install Issue

Issue 1: no lsof installed

tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou
INFO:  Checking disk space, this may take a few moments.  Please be patient.
INFO:  Please install lsof.
ERROR:  Can not tell whether /home/ou is in use or not.

Slution:
sudo apt install lsof

Issue 2: ecryptfs kernel module not loaded

tu@raspberry-pi:~ $ sudo ecryptfs-migrate-home -u ou
INFO:  Checking disk space, this may take a few moments.  Please be patient.
INFO:  Checking for open files in /home/ou
ERROR:  Cannot get ecryptfs version, ecryptfs kernel module not loaded?

Slution:
sudo modprobe ecryptfs

版权属于：wshon

本文链接：https://blog.wshon.com/2023/11/raspberrypi-ecrypt-home.html

转载时须注明出处及本声明